last executing test programs:

16m12.529689295s ago: executing program 32 (id=579):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008602000000000000ff15000000000000"])
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
write$cgroup_int(r3, &(0x7f0000000040)=0x900, 0x12)

14m56.054567265s ago: executing program 3 (id=1161):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000840)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be99dab3de3854e73b903f78616596487bf50017c56b15385ab264cba5b166f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a01402074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e77e5b2897c3fff38eabf67e1e160c2b5e18be06457844d896d797c2603fbdb0613f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9001fedf54cc2dc6aea6c42c32de4e4291e70422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b8899fd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883c0600000000000000aea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee75bb1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380848965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9397034f9400"})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x5c7381, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000000)={0x3, 0x98f904, 0x3})
read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a)

14m55.805828915s ago: executing program 3 (id=1163):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000017c0), 0x8081, 0x0)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc0405668, &(0x7f0000000000)) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"]) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x1, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil}) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) (async)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/freeze_filesystems', 0x149882, 0x8)
write$sysctl(r8, &(0x7f0000000040)='4\x00', 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x8)

14m55.353649831s ago: executing program 3 (id=1169):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r1, &(0x7f000000c000)={0xac, 0x6, 0x0, {0x2, 0xffffffffffffffff, 0x86, 0x0, '/er\x00\x00\b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00K\x04c\xffI\xa1\xd4\xf1EF\xe6e\x15\x1d;\xf5Z\x1d,\x8b*\x12\xdc\xd5\xfcD\xe9\xfa\xc4qX\x95\xb7\xf1\x00\"QL#\x9c\xf2\xea\x1e\xac[\xed\xf0aZ\x00UW4\xe9\xa90#d|Kd\xba\xba*Oc\xe4v\xc3]\xc0h8~\x1c\xd3:\x91\x92\xf1X\x83a\x9aQ\x88UIu\x18\x037e\xc7;1\xd2\x05\x13\xfc\xe9\x9c%\xb6\xebC\xe9\xee\xae\x87\xba\xe8\xd3\xd2\nky\x83X\xc9c@L\x90.P\x96\x86\x1c\xedGmo\x04\x89U\xc0\xd5\xcfy-\xe6\x01\x04\xcc7\vm\x1f\xed\xdd\xcc:P?9\x8b\x80\x7ff\xa5\xff\xb3>\xda/R\x99$\xf2\x00\x97q-l\x9908{C\xb6a\xd08i\xd3E\xdc\x04J\xd6\xc7Ip@\x0eN\x06\x056\x1a\x0e\xcc(\tQ\xd4v*0asl\x8cyD\x1c\vC\\\x9e%c\xc8\xa8\xaa\x80\x04\x17\x9d>\x9e\xfa\xb48\x13E$aD\n2\x1e\x02\xb0Y\xec\x9f\x9fl\xd2\x8aQW)\xa87\xa5\xd5R\x8d\xf9\xad\x90\x93\x8e\xa2\xae\xc7\xdd4\x1e\xa9\xca\xe1\b6\t\xb8\xa3UO\x02T\xde\xc0.\xd9\aEpF\xf4\xe6\xecj\x9d\xc4Y+Y\x11\x9b\f\xfc'}}, 0xac)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x2000003, 0x202812, r0, 0x7dfff000)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, &(0x7f0000000180)=ANY=[@ANYBLOB="d80000e0130000006f340000000000000000061001000080f8ffffff"])
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040)=0x7)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000002c0)={0x7, @sdr={0x3234564e}})
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffffe, 0x0, 0x80000000, 0x8000, 0x0, 0x1, 0x0, 0x2, 0x1, 0xfffffffe, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r4, 0xc0984124, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x24400)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f00000002c0))

14m54.266890674s ago: executing program 3 (id=1176):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x10000000000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
r2 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r3, 0x40101286, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x6c, 0x0, &(0x7f0000000280)=[@increfs, @dead_binder_done, @register_looper, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fda={0x66646185, 0x9, 0x1, 0x3e}, @flat=@weak_binder={0x77622a85, 0x0, 0x1}, @fda={0x66646185, 0x9, 0x2, 0x21}}, &(0x7f0000000240)={0x0, 0x20, 0x38}}}, @decrefs={0x40046307, 0x2}], 0x5a, 0x0, &(0x7f00000003c0)="d92f121e4116a9b427e514135e7c0fc66beb555294093a23f087adc0052d2de98bcee09b65d10c070a23522aa54a13a720afe933d734c802446e7d1bdc68de4d3dbec6346aeed37d0b15b4afc4d4793366235483a6ba73bf88c1"})
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000640)={0x7c, 0x0, &(0x7f0000000540)=[@exit_looper, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000480)={@flat=@weak_handle={0x77682a85, 0x10a, 0x1}, @flat=@binder={0x73622a85, 0x1000}, @flat=@handle={0x73682a85, 0x100a, 0x1}}, &(0x7f0000000500)={0x0, 0x18, 0x30}}}, @free_buffer={0x40086303, r2}, @free_buffer={0x40086303, r2}, @release={0x40046306, 0x2}, @increfs_done], 0x5c, 0x0, &(0x7f00000005c0)="40b4174c9374296d743cf25f787370a4ae6a0c879412d07a217985c4e6a15b96505d10fd59b85b06f3c05244fb5aa458e539f0867cb2061e1a5811ac76847c84e4cf68b64164c05c4ab942ae07eec4644f1e708414da555b891a7c14"})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
ioctl$BLKFRASET(r6, 0x1264, &(0x7f0000000000)=0x3)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

14m51.273497614s ago: executing program 3 (id=1190):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0xe4742, 0x0)
r1 = openat$snapshot(0xffffff9c, &(0x7f0000000180), 0x3, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000001c0)={0x101, 0x7})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00'})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r3, 0x560e, &(0x7f0000000000))
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r4, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0)
close(r5)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r6, 0xc0105500, &(0x7f00000006c0)=@urb_type_control={0x2, {0xc}, 0xfb1, 0x1, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x101, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r8, 0x5008, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r7, 0x6f000)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r7, 0x7d19f000)
ioctl$DMA_HEAP_IOCTL_ALLOC(r7, 0xc0184800, &(0x7f00000000c0)={0x7, r0, 0x80000})

14m50.922452835s ago: executing program 3 (id=1195):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, &(0x7f0000000c40)=@x86={0xa9, 0xd, 0x18, 0x0, 0x100, 0x8, 0x9, 0x0, 0x40, 0xff, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x13, 0x33, '\x00', 0x8, 0x2}) (async)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"]) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
close(0x3) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x300}})
r8 = syz_open_dev$dri(&(0x7f00000001c0), 0x2, 0x6a000)
dup2(r3, r8) (async)
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r6, 0x0, 0x0) (async)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)={0x6, 0x0, [{0x403, 0x0, 0xf780}, {0xa2b, 0x0, 0x4}, {0x1a2, 0x0, 0x80}, {0x200}, {0x332, 0x0, 0x1000}, {0x32e, 0x0, 0x49}]})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xfb101, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r10, &(0x7f0000000140)=ANY=[], 0xa) (async)
r11 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

14m35.686358952s ago: executing program 33 (id=1195):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, &(0x7f0000000c40)=@x86={0xa9, 0xd, 0x18, 0x0, 0x100, 0x8, 0x9, 0x0, 0x40, 0xff, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x13, 0x33, '\x00', 0x8, 0x2}) (async)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000e006"]) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
close(0x3) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x300}})
r8 = syz_open_dev$dri(&(0x7f00000001c0), 0x2, 0x6a000)
dup2(r3, r8) (async)
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r6, 0x0, 0x0) (async)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)={0x6, 0x0, [{0x403, 0x0, 0xf780}, {0xa2b, 0x0, 0x4}, {0x1a2, 0x0, 0x80}, {0x200}, {0x332, 0x0, 0x1000}, {0x32e, 0x0, 0x49}]})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xfb101, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r10, &(0x7f0000000140)=ANY=[], 0xa) (async)
r11 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

13m11.251057556s ago: executing program 2 (id=1739):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xf7)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000)
syz_open_dev$tty20(0xc, 0x4, 0x0) (async)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f"}) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xf7) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x9) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) (async)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) (async)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000) (async)

13m11.177472168s ago: executing program 2 (id=1741):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000200)={'team0\x00'})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x8600, 0x0)
read(r1, &(0x7f0000000080)=""/159, 0x9f)

13m10.9715961s ago: executing program 2 (id=1742):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f00000000c0)=0x6)
r2 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)

13m10.843203721s ago: executing program 2 (id=1744):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

13m10.471254925s ago: executing program 2 (id=1747):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r2, 0x6f000)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
read$snddsp(r1, &(0x7f0000000600)=""/72, 0x3e)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000100)={0x0, 0x20323159, 0xd, 0x4, 0x3, @stepwise={{0x2, 0x80000000}, {0x8, 0x5}, {0x41, 0x9}}})
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x7, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000000541202, 0x0)
r6 = dup(r5)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x800008000000})
r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_FREE_STREAMS(r8, 0x41045508, 0xffffffffffffffff)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)

13m9.811496237s ago: executing program 2 (id=1754):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000)

12m54.597563641s ago: executing program 34 (id=1754):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000)

9m7.073304408s ago: executing program 6 (id=3570):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x1}) (async)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000002c0)={0x1, 0x7f, 0x9f4})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000200)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000280)={0x0, <r3=>r2, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000240)=[0x0, 0x0]}) (async)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) (async)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x0, 0x7, 0x9, 0x3, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x1f461e2c, 0x2, 0xfffffffd, 0x3, 0x3, 0x3, 0x7fff, 0xfffffffe, 0x8f00, 0x642, 0x4, 0xa, 0x0, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x3c, 0x4, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffc], [0x10000007, 0x4, 0x1, 0x8000, 0x10, 0xfffffff5, 0x129432e6, 0x7, 0x6, 0x0, 0x2bb, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0xea3, 0xa, 0x4, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x0, 0xfffffffd, 0xfffffffd, 0x1005, 0x7ff, 0x5f31, 0x4, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x7ffc, 0xffff, 0x2, 0x7f, 0x9, 0xfff, 0x1000, 0x4, 0x7, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0xfffffffe, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x8c, 0x0, 0x6d01, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfff7fffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x49bf, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0x3, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0x6, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x17, 0x7ffffffe, 0x5, 0x8, 0x8, 0x3, 0x50fd, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0xfffffffe, 0x80000004, 0x6, 0x1, 0x10002, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x4, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0xb1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c) (async)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x918)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3}) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000080)={0x1, r2, 0xa, 0xb, 0x6, 0x6, 0x4}) (async)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000300)=0x6)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r5, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

9m6.654069627s ago: executing program 6 (id=3572):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000c80), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000100)={0x5, 0x10, 0xfa00, {0xffffffffffffffff, r1}}, 0x18) (async)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_TIMEOUT(r2, 0x705, 0xfffffffffffffffb) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r5, 0x7dfff000)

9m6.482721279s ago: executing program 6 (id=3574):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000002c0)=0x19)
read$dsp(r1, &(0x7f0000000200)=""/168, 0xa8)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, r0, 0x1000000000000000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000040)=0x6)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

9m5.541709444s ago: executing program 6 (id=3583):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x14200)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000800)={0x1, 0x0, [{0x0, 0xe2, &(0x7f0000000240)=""/226}]})
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000003c0))
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
dup2(r2, r5)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10003, 0x2, 0xeeef0000, 0x1000, &(0x7f0000316000/0x1000)=nil})

9m5.241490265s ago: executing program 6 (id=3584):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xffffe000, 0x0, 0x4031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

9m4.787921606s ago: executing program 6 (id=3587):
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000000)={0x0, 0x2e40ea1, [0x7f, 0x4, 0x1ff, 0x2400, 0x400, 0x3]})
r0 = syz_open_dev$sg(&(0x7f0000000040), 0xe, 0x18000)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000000c0)={0x2020, 0x0, <r2=>0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f0000002100)={0x60, 0xc47dfe73d86be0b8, r2, [{0x5, 0xffffffffffffffff, 0x9, 0x8, '/dev/sg#\x00'}, {0x2, 0x80000000, 0x9, 0x384d, '/dev/sg#\x00'}]}, 0x60)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000002180), 0x115500, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f00000021c0))
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002200)={0x52, 0xf, 0x6, "882142c6843e579d69ae2d2187529bf41fbed6bcc6cd9037145a3e367d88a7de0880d422457afcd2f1031b2c9b8eb047b1c4acd16409a6927d4171adb098f066c1de85355713adba222970a3f42e0ae8fbe1"})
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f00000042c0)={0x98, 0xfffffffffffffff5, r5, [{0x0, 0x2646276c, 0x1, 0x5, '!'}, {0x5, 0x2, 0xa, 0x5, '/dev/cuse\x00'}, {0x5, 0x0, 0xa, 0x3, '/dev/cuse\x00'}, {0x6, 0x5, 0x0, 0x4}]}, 0x98)
r6 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000004380), 0x2, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(r6, 0x8818564c, &(0x7f00000043c0))
syz_open_dev$I2C(&(0x7f0000004c00), 0xe6, 0x400)
ioctl$VIDIOC_TRY_ENCODER_CMD(r6, 0xc028564e, &(0x7f0000004c40)={0x3, 0x0, [0x0, 0x8, 0x0, 0x6, 0x6, 0x0, 0x10000, 0x4]})
write(r4, &(0x7f0000004c80)="beca0c728034229b51ef30b2ab2920e0fd085936e4d9682825f550df", 0x1c)
read$FUSE(r1, &(0x7f0000004cc0)={0x2020}, 0x2020)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000006d00)={0x0, r1, 0x81, 0x8, 0x5, 0x3})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000006d40)=<r7=>0x0)
write$FUSE_ATTR(r1, &(0x7f0000006d80)={0x78, 0x0, r5, {0x7, 0x8, 0x0, {0x6, 0x7, 0xf, 0x0, 0x2, 0x782, 0x3, 0x7ff, 0x94, 0xa000, 0x80, r7, r3, 0x1, 0xc98d}}}, 0x78)
r8 = syz_open_dev$evdev(&(0x7f0000006e00), 0xbee7, 0x80000)
ioctl$EVIOCGKEYCODE(r8, 0x80084504, &(0x7f0000006e40)=""/212)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000006f40)={0x0, @aes256, 0x0, @desc4})
ioctl$VIDIOC_G_ENC_INDEX(r6, 0x8818564c, &(0x7f0000006f80))
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r9, 0xf504, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f00000077c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$BTRFS_IOC_RM_DEV_V2(r10, 0x5000943a, &(0x7f00000079c0)={{r10}, r11, 0x12, @unused=[0x7, 0x4, 0x2, 0x1], @subvolid=0xf23})
write$FUSE_WRITE(r1, &(0x7f000000aa00)={0x18, 0x0, 0x0, {0x7fbe}}, 0x18)

8m49.688403776s ago: executing program 35 (id=3587):
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000000)={0x0, 0x2e40ea1, [0x7f, 0x4, 0x1ff, 0x2400, 0x400, 0x3]})
r0 = syz_open_dev$sg(&(0x7f0000000040), 0xe, 0x18000)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000000c0)={0x2020, 0x0, <r2=>0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f0000002100)={0x60, 0xc47dfe73d86be0b8, r2, [{0x5, 0xffffffffffffffff, 0x9, 0x8, '/dev/sg#\x00'}, {0x2, 0x80000000, 0x9, 0x384d, '/dev/sg#\x00'}]}, 0x60)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000002180), 0x115500, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f00000021c0))
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000002200)={0x52, 0xf, 0x6, "882142c6843e579d69ae2d2187529bf41fbed6bcc6cd9037145a3e367d88a7de0880d422457afcd2f1031b2c9b8eb047b1c4acd16409a6927d4171adb098f066c1de85355713adba222970a3f42e0ae8fbe1"})
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f00000042c0)={0x98, 0xfffffffffffffff5, r5, [{0x0, 0x2646276c, 0x1, 0x5, '!'}, {0x5, 0x2, 0xa, 0x5, '/dev/cuse\x00'}, {0x5, 0x0, 0xa, 0x3, '/dev/cuse\x00'}, {0x6, 0x5, 0x0, 0x4}]}, 0x98)
r6 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000004380), 0x2, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(r6, 0x8818564c, &(0x7f00000043c0))
syz_open_dev$I2C(&(0x7f0000004c00), 0xe6, 0x400)
ioctl$VIDIOC_TRY_ENCODER_CMD(r6, 0xc028564e, &(0x7f0000004c40)={0x3, 0x0, [0x0, 0x8, 0x0, 0x6, 0x6, 0x0, 0x10000, 0x4]})
write(r4, &(0x7f0000004c80)="beca0c728034229b51ef30b2ab2920e0fd085936e4d9682825f550df", 0x1c)
read$FUSE(r1, &(0x7f0000004cc0)={0x2020}, 0x2020)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000006d00)={0x0, r1, 0x81, 0x8, 0x5, 0x3})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000006d40)=<r7=>0x0)
write$FUSE_ATTR(r1, &(0x7f0000006d80)={0x78, 0x0, r5, {0x7, 0x8, 0x0, {0x6, 0x7, 0xf, 0x0, 0x2, 0x782, 0x3, 0x7ff, 0x94, 0xa000, 0x80, r7, r3, 0x1, 0xc98d}}}, 0x78)
r8 = syz_open_dev$evdev(&(0x7f0000006e00), 0xbee7, 0x80000)
ioctl$EVIOCGKEYCODE(r8, 0x80084504, &(0x7f0000006e40)=""/212)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000006f40)={0x0, @aes256, 0x0, @desc4})
ioctl$VIDIOC_G_ENC_INDEX(r6, 0x8818564c, &(0x7f0000006f80))
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r9, 0xf504, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f00000077c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$BTRFS_IOC_RM_DEV_V2(r10, 0x5000943a, &(0x7f00000079c0)={{r10}, r11, 0x12, @unused=[0x7, 0x4, 0x2, 0x1], @subvolid=0xf23})
write$FUSE_WRITE(r1, &(0x7f000000aa00)={0x18, 0x0, 0x0, {0x7fbe}}, 0x18)

7m51.380868724s ago: executing program 4 (id=3979):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x0, 0x38, 0x3b, 0x1e, 0x1, 0x1040003, 0x5}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, r0, 0x1a057000)

7m51.124839771s ago: executing program 4 (id=3980):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000080)={0x6, @pix={0xfffffffa, 0x3, 0x31303553, 0x1, 0x3ff, 0x2, 0x7, 0x57200000, 0x1, 0x4, 0x2, 0x1}})
ioctl$SNDCTL_SEQ_CTRLRATE(r1, 0xc0045103, 0x0)
read(r0, &(0x7f00000001c0)=""/143, 0x8f)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xfffff000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3)

7m51.100613122s ago: executing program 4 (id=3981):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r6, 0xc0285628, &(0x7f0000000300)={0x7})
read$FUSE(r5, 0x0, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000440)=0x1000)
ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r9, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m50.15225431s ago: executing program 4 (id=3984):
r0 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab00, 0x1) (fail_nth: 2)

7m49.785026374s ago: executing program 4 (id=3985):
r0 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x66c343, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00004f1000/0x2000)=nil, 0x2000, 0x2000000, 0x11, r2, 0x0)
read$FUSE(r2, &(0x7f0000001900)={0x2020}, 0x2020)
lseek(r1, 0x6, 0x4)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xd91b, 0x0, "8b00000000000000faffffff55d72b4200"})
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000006c0)=0x55)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000280)=0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000240)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x6, 0x0, @tick, {}, {}, @addr={0x4, 0x8}}], 0x1c)
ioctl$NBD_SET_BLKSIZE(r0, 0xab00, 0x5)

7m49.650531447s ago: executing program 4 (id=3986):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x52)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0xf, 0x17, 0x3ff, 0xb, 0x8000000000000000, 0x6, 0x40, 0x0, 0x6, 0x106d, 0x3, 0x9, 0x2, 0x8, 0x3d2], 0x4, 0x1000})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r3, 0x4b63, 0x0)
r4 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40440, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r4, &(0x7f0000000180)={0x2a, 0x3, 0x0, {0x3, 0x9, 0x0, '/dev/kvm\x00'}}, 0x2a)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r6, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000300))
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000180)={0x2, {0xc, 0xe5, 0x3, 0x6, 0x8}})
r8 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r8, 0xc0305710, 0x0)
preadv(r7, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x9000})
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r9, 0x7dfff000)

7m34.228641071s ago: executing program 36 (id=3986):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x52)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0xf, 0x17, 0x3ff, 0xb, 0x8000000000000000, 0x6, 0x40, 0x0, 0x6, 0x106d, 0x3, 0x9, 0x2, 0x8, 0x3d2], 0x4, 0x1000})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r3, 0x4b63, 0x0)
r4 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40440, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r4, &(0x7f0000000180)={0x2a, 0x3, 0x0, {0x3, 0x9, 0x0, '/dev/kvm\x00'}}, 0x2a)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r6, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000300))
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000180)={0x2, {0xc, 0xe5, 0x3, 0x6, 0x8}})
r8 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r8, 0xc0305710, 0x0)
preadv(r7, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x9000})
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r9, 0x7dfff000)

3m37.438425711s ago: executing program 7 (id=5545):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
ioctl$KDSKBENT(r4, 0x4b47, &(0x7f0000000000)={0x1, 0x0, 0x27f}) (async, rerun: 64)
ioctl$RTC_EPOCH_SET(r4, 0x4008700e, 0x3) (async, rerun: 64)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x2, 0x0, 0x0, 0x1000, &(0x7f0000ff9000/0x1000)=nil})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f0000000d40)={0xdb}) (async)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) (async, rerun: 64)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) (rerun: 64)
ioctl$vim2m_VIDIOC_QUERYCAP(r8, 0x80685600, &(0x7f0000000040))
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15) (async)
ioctl$TCSETS(r9, 0x40384708, &(0x7f0000000040)={0x8, 0x1, 0x80, 0x3, 0x1a, "3eccd2000500"}) (async, rerun: 64)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9b06ea6ed04983fe5c5ca033dfce0a82577ef14eee5e6be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) (async, rerun: 64)
ioctl$USBDEVFS_SETINTERFACE(r7, 0x80085504, &(0x7f0000000180)) (async)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r10, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

3m37.315342697s ago: executing program 7 (id=5546):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0xf00, 0x0, 0x2, 0x0, 0x0}) (async, rerun: 64)
r1 = dup(0xffffffffffffffff) (rerun: 64)
r2 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f00000000c0)=0x1) (async)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x5, 0x1000, 0x4, 0x2}}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_CAP_DISABLE_QUIRKS2(r4, 0x4068aea3, &(0x7f0000000000)={0xd5, 0x0, 0xc1}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xfb7f000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000200)={0x2, 0x81, 0x9, 0x0, <r6=>0x0}) (async)
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000480)={0x80, 0xb77, 0x9}) (async)
r8 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000340)={0xfffd, 0x881, 0x4, 0x0, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r7, 0xc00464b4, &(0x7f00000001c0)={r9}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000000)={0x86b, 0xe9, 0x2b}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000040)={r6}) (async, rerun: 64)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) (rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r12, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x10, 0x0, 0x8, 0x2, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x2, 0x1, 0x7, 0x4}, {0x2000, 0x5000, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xffff1000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0xc, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x0, 0x2, 0x0, 0x0, 0x10, 0x80}, {0xdddd1000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2, 0x4}, {0x8080000, 0x3000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1a, 0x26, 0x0, 0xfd}, {0x80ac000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x8080000, 0x70, 0x0, 0xdd00, 0x5000, [0x6, 0x0, 0x1]}) (async)
ioctl$KVM_GET_SREGS(r3, 0x8138ae83, &(0x7f0000000540))
r13 = syz_open_dev$video(&(0x7f0000003a40), 0x9, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r13, 0x4020565a, &(0x7f0000003a80)={0x5}) (async, rerun: 32)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r13, 0x4020565b, &(0x7f0000000000)) (rerun: 32)

3m37.194552649s ago: executing program 7 (id=5548):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x78) (async, rerun: 32)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (rerun: 32)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000000)=<r4=>0x0)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x5, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000000, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, r4, 0x0, 0x0, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r3, &(0x7f00000003c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_CREATE_OPEN(r2, &(0x7f00000001c0)={0xa0, 0xfffffffffffffffe, r5, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x0, 0x2, 0x3, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, r4, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r2, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async, rerun: 32)
write(r3, &(0x7f0000002400)="a6b51f6b4711b052bdb84cd9a6f92d7588f72bb9b1cfc6468161a02f9443f9be761870a1ccbe52cb382dcd7cb673a1a54c2baf44d64b483aa42f05ca9e165d28654658bee7267dbfdebaffa87189c511caae02d13746d8f3a0426082ffd906149d8d52eb68fe5ea8eb6fe58cf369167e95da3eef438f9692d799ec7d17a95866a0ae20317baceebe61e89b62b83d1a3b71", 0x91) (rerun: 32)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x15) (async)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000002c0)=0x7e) (async)
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOCTL_STATUS_ACCEL_DEV(r8, 0x40046103, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "412ef361e9349b54a134343f9c2edf9cecd983983d98efdac0111c51c8d390f8"})
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x7d) (async, rerun: 32)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000180)) (async, rerun: 32)
r9 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r9, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

3m35.53818175s ago: executing program 7 (id=5559):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000180)=0xf) (async)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x2) (async)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x80) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000080)={0x80000000, 0x0, &(0x7f0000000100)=[{{}, {<r3=>0x80000000, <r4=>0x0}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000000c0)={r3, &(0x7f000000a2c0)=[{}, {<r5=>0x80000000, <r6=>0x0}], 0x0})
ioctl$MEDIA_IOC_SETUP_LINK(r2, 0xc0347c03, &(0x7f0000000280)={{0x80000000, r4, 0x6, [0x7ff, 0x19a7]}, {r5, r6, 0x3, [0x983, 0x80000000]}, 0x0, [0x0, 0x80000001]})
ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f0000000180)=0x7fff) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f00000000c0)={0x1, 0x0, [{0xeeef0000, 0x11, &(0x7f0000000080)=""/17}]})

3m35.167603319s ago: executing program 7 (id=5561):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x20a00, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xd000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0xdddd0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x80a0000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x0, 0x0, 0x1]})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40, 0x44)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3f)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x2ff, 0x0, 0x5}]})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)={0x10000000000000bf, 0x0, [{0x8d, 0x0, 0xffffffffffffff8f}]})
r11 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xd425, 0x80)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r11, 0x40045542, &(0x7f0000000080)=0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

3m34.394517292s ago: executing program 7 (id=5566):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000000))

3m19.332270221s ago: executing program 37 (id=5566):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000000))

2m25.34960543s ago: executing program 9 (id=5935):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

2m24.073324776s ago: executing program 9 (id=5942):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x7, 0x82401)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000080)={0x55, 0x100, 0x6, {0x7fff, 0x7}, {0x5, 0x4}, @const={0x3, {0x5, 0x0, 0x7f, 0x4}}}) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x7, 0x0, 0x5, 0x18, 0x5, "be9fde244b0761a78f14a749ac419512ad9c15eb75701218f6cf51fc3f6ce62347289d2ab6491b17b3f7d92832eab44ed2c2cfdbcaaf0e6aeda1a3193031b675", "bcc3f2ea3f0017c33ec71ab1c2cc0cc9c923a62c4d11db02ee29c6ddd7165dc98cf34d26a3405618ae66cea50afdfd1ad6f237954ba2b233da9e0158fc6f6729", "3d1b145ff3d7078c3a1a9210dfff9f5cd191cbdce1581dd9f2f625fb92a9fcae", [0xa, 0x10001]}) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000)

2m23.846638209s ago: executing program 9 (id=5943):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc, <r3=>0x0})
r4 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r4, 0x3b65, 0x6)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_COPY$syz(r2, 0x3b83, &(0x7f00000001c0)={0x28, 0x2, r3, r5, 0x1fa364, 0x81, 0x7, 0x1cc8e7})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

2m23.534623955s ago: executing program 9 (id=5946):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x80002)
ioctl$LOOP_SET_STATUS(r1, 0x1277, 0x0)
r2 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x637ff4f68ee6252b, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)

2m22.659582031s ago: executing program 9 (id=5952):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20680, 0x0)
ioctl(r1, 0xfffff000, &(0x7f0000000000))
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af10, &(0x7f0000000540))
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)

2m21.910601226s ago: executing program 9 (id=5956):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa8400, 0x0)
r1 = dup(r0)
read(r0, &(0x7f0000000100)=""/159, 0x9f)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x20010, r2, 0x357a7000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008b"])
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000000)={0x1, 0x1, 0xfffffffa})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2})
ioctl$VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000280)={0x20, 0xa})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

2m6.018314369s ago: executing program 38 (id=5956):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa8400, 0x0)
r1 = dup(r0)
read(r0, &(0x7f0000000100)=""/159, 0x9f)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x20010, r2, 0x357a7000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008b"])
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000000)={0x1, 0x1, 0xfffffffa})
ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2})
ioctl$VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000280)={0x20, 0xa})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

26.342855658s ago: executing program 8 (id=6510):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0xd, 0x202812, r2, 0x7dfff000)

25.726687492s ago: executing program 5 (id=6514):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {0xe}, @raw32}], 0x1c)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20401)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000340)={{0x80, 0x8}, 'port0\x00', 0xa2, 0x40000, 0x7, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x7f}) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x84}, 'port0\x00', 0x24, 0x418, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5}) (async)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r4, 0xc0a85352, &(0x7f0000000200)={{0x80}, 'port0\x00', 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) (async)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x8000, 0x5, 0x7, 0x1, 0x9, 0x3, 0xbf, 0xb8, 0x3, 0xf, 0x5, 0x6}, {0x804, 0x5, 0x1, 0x5, 0x7, 0x2, 0xff, 0x5, 0x9, 0x4, 0xb, 0x7f, 0x3}, {0x4, 0x6, 0x38, 0x6, 0x84, 0x7, 0x0, 0x50, 0x2, 0x70, 0x3, 0xa, 0x400000000006}], 0xffffffff}) (async)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000280)={0x315, 0x3, 0x1, 'queue1\x00', 0x9}) (async)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/mdstat\x00', 0x0, 0x0)
preadv(r7, &(0x7f0000000780)=[{&(0x7f0000000280)=""/66, 0x42}, {&(0x7f00000004c0)=""/24, 0x18}], 0x2, 0x1, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

25.318742958s ago: executing program 8 (id=6515):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6a8e40, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000004200)='/sys/power/sync_on_suspend', 0x40082, 0x14c)
syz_open_dev$evdev(0xfffffffffffffffe, 0x3, 0x101000)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000004280)={0x32, 0x4, 0x0, {0x5, 0x10, 0xa, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x32)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read(r4, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000000000064d564b", @ANYBLOB="6103332529d8"])
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="0040000000007bc1e04261da27777f0000000000000077f587b8d5f3ce42eff31bb7ecd457650b2d53c161eca1e10247583e870af143023c62644d9826309868360fcf212d7a703cf73bca0f2ceedc0205611fbc3d19f500cf669f7aa77eb6121c6e97adc5ad495dee2f68c5f60221ee6aead2e4c3b22821670fafb60472324ae4dfd9ccdff6c9420aeb49666a8d2f9953739789fb28c8bd539752bb6a12b5dfdeb6aaa7f22922c7eeef4a5241605675026b9102bb8ade25128cc3c80cf4451a692869508511de4384ecd07877e5db52ce7e2dabd774a579fce59cb553c6e5ef5611eae9554a64c766c3b0d857e08286c953ef275379836a"])
read(r0, &(0x7f0000000080)=""/173, 0xad)
r9 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x80080, 0x0)
ioctl$TIOCMIWAIT(r9, 0x545c, 0x0)
ioctl$TCGETS(r9, 0x5401, &(0x7f0000000140))

25.190440885s ago: executing program 5 (id=6516):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r3, 0x4048aecb, &(0x7f0000001440)={{0x2, 0x0, 0x80, {0xffffffffffffffff, 0xd000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r5, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r5, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r5, 0x800c5012, &(0x7f0000000200))
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0xe, 0x40, 0x3, 0x1}, 0x8)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_CROP(r9, 0xc014563b, &(0x7f0000000540)={0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r10, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000000c0)=0xf9)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000001c0)=0x9)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000180)=0x1)

25.023376796s ago: executing program 8 (id=6518):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x3, 0x3}, {0x0, 0x0, 0x0, 0xffffffff}, {0x2000, 0x0, 0x8}, {0x60}, {0x6}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r3, 0xae47, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x3, 0x3}, {0x0, 0x0, 0x0, 0xffffffff}, {0x2000, 0x0, 0x8}, {0x60}, {0x6}]}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_SET_TSS_ADDR(r3, 0xae47, 0x0) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000) (async)

24.108118347s ago: executing program 8 (id=6521):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000002b40), 0x3, 0x2)
ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f0000000000)={0x98f907, 0x1, @value})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$rdma_cm(0xffffff9c, &(0x7f0000000f00), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000fc0)={0x16, 0x40, 0xfa00, {{0xa, 0x4e23, 0xccf1, @private0}, {0xa, 0x4e23, 0x0, @local}}}, 0x48)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

23.886590867s ago: executing program 8 (id=6523):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x8, 0x1, 0x4, 0x0, 0xd})
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000480)={0x1, @sliced={0x0, [0x0, 0x6, 0x5, 0x36, 0x8c6, 0x7, 0x6, 0x2, 0x7, 0x1, 0xf, 0x4, 0x3ff, 0x400, 0xb8f4, 0x5, 0x2, 0x6, 0x7fff, 0x4, 0x3, 0x6, 0x9, 0x7fff, 0x5, 0xf, 0x8, 0x5, 0x1, 0x0, 0x86, 0x5, 0x8, 0x4, 0x10, 0x3, 0xfffe, 0x4ac, 0x7f, 0x504e, 0xb, 0x4, 0x8008, 0x401, 0x4, 0xcd73, 0x4, 0xc], 0x80000000}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x561}]})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_MSRS(r9, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="82000000000000009e000040"])
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)=0x1000)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000002c0)={0x5, 0x0, [{0x98a, 0x0, 0x1}, {0xb79, 0x0, 0x8}, {0x119, 0x0, 0x3ff}, {0x916, 0x0, 0x6}, {0x400000b7}]})
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r10, &(0x7f00000003c0)={0x16, 0x98, 0xfa00, {0x0, 0x4, 0xffffffffffffffff, 0x1c, 0xeb5585e46ba929c8, @in6={0xa, 0x4e20, 0x4, @mcast1, 0x5}}}, 0xa0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

23.534578943s ago: executing program 5 (id=6526):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001900), 0x802, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000080c72a51a9b89cbcfc524ad25c2e6edd453b2e3c330d0cf6eeec2f336cfc0743f427d5f038e434be07f47cb27a139a341f3c65bde4ab56055ae9819dd5158cb7547b73c42e52af5b5d6f83ee1282dfa037aeaa954376f4eb73c83ffb64617eecac7730bc87005e19834e9104763a4533f486f1152d66a72c8bc3f6aa9241b5157e29a136be6ededeb50e116395cb7dfec8ee5c6daa8e1854550df517658b1b99fe1b2938644396ab5a768803aa05e1b08f0c0efe3df52268973b639f1a8fe0e4d4a8b4e4ace3c5be8129deb2454960e204efc4578b6561f305ff723868ed"], 0x119)
close(0x3)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x244800, 0x0)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r6, 0xc0045009, &(0x7f00000000c0)=0x1)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r7, 0xc00456bf, &(0x7f0000001040))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

23.166380041s ago: executing program 8 (id=6529):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x6e1, 0x0)
r1 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"678c0c48e2e0d4741fde0cbc186a788fdc3e24cf979529fefeb43960f177f2cf", 0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000080)={0xe8e, 0x7, 0x4, 0x0, 0x0, [{{}, 0x2e5}, {{r0}, 0x8}, {{r1}, 0xffffffffffffffff}, {{r2}}]})
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x440, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000180)={0x9, "527a0b1c2c5547f08d1e8e9981da4c50565280b6e135c3b24e25e01a1e7f6147", <r4=>0xffffffffffffffff})
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001500)={&(0x7f0000001480)=[{0x9, 0x0, 0xee, &(0x7f00000001c0)="0050cd0ac9500b35d7e790f529062eb561b4b45658be7b5dfb5a1deba7d06080e4f352e5fdf0c6d2b3d81d69d2bda403a6484e8c2be65e5ff2476aa0dfc8c2a40227d3936815f08292dc5846e595bef343a2e8102f3d11b4d0a2f2689361ea9309ce2f0b196178df08b4665e16009407f8880803f85f66e1414448276f56a7992421ec1880275fbe5d40d96517ad7e517f03761258d23053ca3e1d6887c34e2dbe2ebd045326cfa500ec18d21b37b3e5656f1d5a4b87f6cafcb4b65e4ef8d3a8ad180d9aa46854bd503d0e31f518da82053f4ab677cedf643f71292123fb5195c365e3303652994fe6f23e359d42"}, {0x7cd, 0x3, 0x1000, &(0x7f00000002c0)="7d3917862e9f68b5e1aea005fda177ccd330d2d311cc575e68a1ae02888804b6b04b09526def91b34483d9f658486e1b4f23f69a408431649ca8008bc8c90896782b9bd884bbf939edd823887410fe064d0997a9ac6daa2c619b29d3b3f788309bbe369c471d5de7ec96525cf7b5febd44c967fcd776273b5f017ccc75e7ed1bac2ae533b8667a7960a0aa941ce610b77fc84dc68174fd6bd15d1255df71367cfe6305bacea30b92133514d58b747ca1e5c800e58d3c209fd3a3849653b9e934e616a9ff2f84f445ec117f03b35675f733c06eb573c196b9c8509981242364e614bfd655da9c7daae9b8fe6120212c598ee12eeb8cf9405ee50e40be141995a5d63c32c46052b7c7b0a4dcf5c0afb549b3890f3f235fd14c5eed804139985524deb51dc6cc6b3be8b0e2accb2fddcff543cedaa3d4473ce10a97038fd78e0c2069750311b9c0e67881528674e08cf00676d18d3d1e9a0d7cb29c8cf4767460cc10175aa2df83553b218aa1588915ab3c87f47db2f942777bd39467b2dddba950a342ba2dcf8b4f45a531bf21cf1c2f3ca8d8114393abade41a40696d391e0de44ae7de3e49145055b2b7f3d14823141f8d2ea0176e9f46fefba797fe699543acacfe2a78c496f187fdeaa3199e4c42f237de7510e171c93d6d5c68279cd778610fb3e7ce73d101701ee0fd17d2a427dbf86d9106a9a5da9b12707c4c8fde4fe95ee107fd918de659310046f3a37a88b3ff21c3298f5d066e25fe9db09d6ec8c3e457f264fd749ce07e54055bc33fd89fdb5683fd2b0bdc6509d3defe60f242b2257a2173f2bb3a7a17a7daea4086cc2c797a425c6dd0a29dbccd4a27a523476d3f8e57bbdc8750ee2a53a28995ed4134fce3eb6b6f36e2bddccf8c2ae08dcb5b879146eaa18bf6bbfeac8abffb4cf7f97499ddfab200efebeea6bd88ead8b3a86743b195fe8ce49bbc3ec8dd7d37255beee2918bacf340b1f0dc8ba7c8d153b0dec4cae834cb8632944d048fb46753887514fa02efecd250897ab619018c67ef1c1c122e765bea2ade18f0840ead8ef72a5d7a6842703dd3cd3036dd890921263ffe2760a9b538eed1274608c10b8034b25ec6953ab22cbafcb6979aac8cae6fcaa921f3ae83a2f380a50150071366fb83520c6625942d653117d62a7e2826ec5eb1ac5e9aa9b6c51e0835fe1f8d4cd1945465ae6c331a1f895765ef04d62ca268ab3fa3ae2597524298c30bd75b6dfaf74fcd7b1baed3afdcaa94db22ea1220ea1aa9b7d6ab1f92a0889bbb08b0830f2a62341b32de6d0052013b624d076d606f78ab96bb9879713e741b9d14dade297af581cf300c09973848323e52de0335734885700f012e623b923514bc740ddba45b76c32bab4659c7fc00e16b5eb8f6cb3042ca8d3e317782499b863531c810c72d5fa5d9243f056b478529a31b91d9df089bc37d92c6f08bc1027e019e29ae54e01695fff0b333956926af9e05b82d33ddd78b2b2c3929a4a0cf35e6ee7ee54e40ba026478c0104fe8cd9d287f7476af6a21803827044c462f2fa9cfa5031f59f0b755037445c9369a54c4dd6f76aab29b52f63b538c4b20cf4a08698d892bc42cd5ce00b593bd50df4860799f1e5151e9b3cbefb88e5204e105571bfa8aed766d18d4c3b31029657e87fbae4b62a9894cd527d76d5984a72cec7ce81a34e6dbb2d418665d35353e889bc0c15b481eb7d2b15d5781fa33eadad2c82c941200185eb4f4a7f1bf0b32c7bc16a188d0956ceb46184e2167450652bbfb2e62582c90a82bf4ca7d2a1f1e3fd2865ee9da305479c35e31bebffb4433250361c8777fbb709448b7be43b7cd1668ca50554e07731ec84a618622488199f8da17f18e2d422ddfc777fd7dc3a45bb9d1c14edd9b02606e305e4fa29e29406cdb4ab6779fd329d363f175fbd27c7c0db8b3f0cc421e8150610a3b6316f07ca316d05ea3290979318da8670d8801b76af79517fc53d5e5208451a2a8136251304f74df9aa1a45e4fd85f1d1ebf69da0c847f42e6e99e22ccb27e79792e319a7da689fa1cf6fdeefa425af18ce2db0d1bf05215bc9d921b55823efeb077ce0194731b2f563f6d854ecd0b2a30d7de7eb6f4b33eb4fc1bc2158b9fc6836093cd83c4c62597faf7a10678f6bb22ba4641b409039bc3c7a43c3ee68d44ee689439dde7603c125425d549f46a3b55f744777278e164fdeac740e1a34ae5207f49022a253e5e30f362e9e2f4f5a8e0ea44817b6339cfe8595e84f86d05a975ff0c3fe1ef02895ea5c9610647559e550de6af6a10f7dc9057a76fed50f6b76686937ffb0e57dc9f202334165052be6ff87f162b411b888bd706e1055cb9e290b228d1ec50e613fd4b938fe884fc12b3f8fc2fef58cfe8564a0bc5df88ff646964ee9884db2a836140d95678d027c343afc9865f5a16ffa5ce9250e53595e63cadb22615857edb4180c967e95538d1bb005717620e123a80a82920503d859a7c34b8e4d6d1ee3e2c2b6a3497d83eb0f0e9df1bc9321029ce2147cdc8dde54f40cae733bd9d2337819f797855a544c2792df130f99e43a95aca27d733a075656e3fd1163f9f0cf36516487b35899409f152470618ccae0ff39cdea80231155cede63c007da9c591fb79018979c2eb30c9933edec53fd8ddbab21e8dc03806149a99410bb2cbd86e5b4bc73bb7a40e3a6e339cfc494b63a5e3123eeb7e78d67506f09278f14333aab6cd05e6a87d5a37a5350de2a2ae9ec4af00ab02c046d49fb1dc38680b3a0f47872974df29d0fdfa36e6e1fb5138ccf6c67fc12ab8830c8ad9332b6d9c2fb8ba29ae48c3dd8d9ca36f3e651c1eaa9d7a2f1666e9ec3bf8e1e51e528766d6eeaddc240779f8b05ba35ae60fc5695613d527cb4e36e61552b7de21845cc1522c2c20cc0f410f23cf72321bd7032310b2e0d414bacefb93a3f43a482f86a315cd99e9c85075a43ecba63c4dbe880bf3dec1ef80d95e07d55018698420cacbdff14609eb3ee521f8ec38173327f00980458858a0b5406f0607d9985dcc1bc5267cea31e08767812a735b0cde11b4839330d658238ca9df018a2fb9b835c72288a9939846fc21e07420b65f4a720edb2a121c031452fd54ae26cf36b274eed1a538fc6a7861b14a15e529ad978ba27902169f9e2f99612f1f886480ca65dd0aa8146c16e9b3d87a0a417b83594a57afb8b74491308f4d2097702d559810526c04be9bc5c3a64e6ee84eabd9e14e42e036bf44f8e8eae601f814c408487e94a193da75160122c7070ed89567a8a7e3b7d852d2fbb21cf477a5090b20e442ec88a1ecf3619e7ba32333655ef5915f9194b5504e4112e8a1b32ad947dbf532955afa310aed5ab4703645854002489feafddb08bf6751b906c307482c02fe67e58d2db8c727d2190ae6b3c981068a8ec6ba08cfd7b558b7ba08f790e29bdef55053908795eda19fc132740b7b8201be4e93d0979d3077effe52f5d10d9d9b4aefb8a0bc0e95059dcbc03fdef06375913a2ea982f2af880521e9502a7fc3eea33e6e517072eb666b51053e59f7971dc7af286d4df87f55d53251517f476b16d13c9ae2626d12961638ca7ace1562627ab3000bc96d9b71c567954287ff88124a597cef7d476d6cc713b7fff24baaea44cfcc6e8aa0f4d82cda4a1399b1c9921544126f927b804376f9821448794a85016097251c1b0ac78868df1c144b7c4819c66882632c73488ce1510ece332eeabb9bec6ecf59d53b919b8589fd646186a5613c2907298c7692c829927a7a48d9018af5400e8ddbe2a1159e8aa803c9351031dc88a2b89f05ce5cf9d39dcd2f5a66004431517716c6ffa697828c7500a3cc8a2e8416a1896e5c10f73f2ee841c48c546ffd2914af4b460cd1c719764e30915761aa94b4d236f0864c5cac365ed4a327d19e27c996770f4b528f6e13b0cde4e938d200e63e7b77b5a67108df92de24ac66adff658164936be6f14a04c8d7514b58380733e5fc23107d7a6c349714b5c35b938f1c7707cdf7334063731510c74e78e1dba189a8b1a6e58b8e1c0b13eac4fcc9b423ab10919691f3429e115ad76e6455c0e2deb015f6502dc7ee2dca8afafc28c65b145d2f8dd966d2d67cac7f5c2fc6e3e65af70398aa5d1e640c09695c398ffc02dba86b0a6e339e9a5e8ac6892ce1336f2b5785c44904e89d9528c7a4e72cd6e3cb87a78186d31b78c262f0c0fb753c3fd1cb3636ec1dc38ebea08dc96536447ef242751f183f6c30e6a8aa1a8228c451e7c8562cc09a481f00dcf64b603082490d8af1f87edd3e47145325f6b75834156b353942bf5e0bf0146e1c77bacf70315d2d7ac9ab777ea57bddcddc4d22bb956b1e2f53aac4e1ae7a591280f4db2ab6bbeb1e0c60a7f92f233a522315cc067a82e358d3358d37fb90ddbff0bcc5d95af75fdb02f865d3fa33dc4f85a75e36c6b9c2495b115f09a4018b0ed8792dc25c54a417ab39d72d5000782407ea7a6f34c7dc71e68dcbb17dc0c17c4bcbba67d8be86d24dab430fe7f7224d7bcccb0b7d4652a2ee1eb6ace82060ea5daf49fd3e36b4bf65e15e4f65e5afee30274a594a2c5768f88f540649637efddc2ecbce127b6267bcbfe98124156301caf26d5fd0f5850b9fb192b9b40ae733a05a90b5a03388ddf4b6699e1155110dd3d402e9214fdbe6ebcc1baa6ea27b54692809cf4adb6bdcd0c54cd30b93e0f94afcd171fa9fb93e7109d95fc06a07313cda77376ae0b12b011ac33b2fde0bb0732b8990fdedac726b690dde5704c66124c23d959cf1922eab63a3a1e8c875c6f7c2bcac17d66e148173004465d85789b632a6c4b82a4c2d2f4d5c64d17c52d767108161a85977b49525a50bc464b53b7f9a7996e73b95d3a526f03ec78d870ff42da65bf1816f2db8d839601bfbe1e6494580efb78dd7e833e16055bd43f8ce4fb3702cdcee4baa0f92a84c7c3070a9eb58eda66ea75be5415f622b82f6e2db2da312b1290a7efa1119de4e8e2e7ebf3b59ee703b79608f7ad2502d183fd07160828e00e1f7b94d27f89f07333a1db5f400abe6b5a8f65c6cbee7946cd0923b4fdf6448a11612a1c8ed88db91ab21a95e80404f643d15d956b1750946681422b4649fc81f3336deec9c63e33c0bd55710a3add39d87dfa5f048a854f2ab2abc197df65201d12ad5ed096e94b557e5ec81c733ee09455038bff9f2a5bf42a534d7d9ed3b2fd65aa0d8f42e0ade2a8ed3cb423b381d937784153c1fd52ffeb7d9514ba0f319ca946808325eeccfa44c77cbba060052505c71251dac3393f84a668da87c47a87ad733fa92ea05564951d0477d75cc808006f7e4e7c0f94df454779366c7226e4a1942720d10dfec44722ea6e70aea70b0dccba55529c645b07bfa8c07646bb68d1b4fae317f394e782a2e20a97fcc3695b61e2e854805ede2294ddc3f59f5120d11efecc1c530f7ebce6e6a1aae77c3037dce61b26fadf0f5adeb9ccbe01144ea49b48be96a2a142d9cb47c451a3ffca7112b94553a75394d19a92b128dce22796dca720cf217f76e0093e4224d412d6cadfb9a39dd792896502fe952382d8ec383c2419859b20fc774e20f4e11581ce1025bba9b2f5ee8e9db01fe55d23826c905e3ed221a77daf560db9b8ee13de5abf83fccacd346b5446b433a88671ed7c164dde52561110ceb810198346d3472f5a7068056f7bc81a820b8e1c9de1e25f7359b1c89f3845e0330d4120cfdae5e031dbe68634cd86c7453675b4c43fb6cdfdd94a4dfb544c12696c5400cf71cf98e76"}, {0x7ff, 0x1000, 0x82, &(0x7f00000012c0)="40c6b1d7d1c4365d8b15a5cae6c79c6ef2534e4eed4826dac6fc117cccd78142fe8ee84000fddc6eb4e9448b3c1c8aa57ac386db178369e49ffc370b45fb37b5f43824345c6eaf56020ea9d6f9437719d6da8959a05fe789a94f73496bee573f0e76e823146f254940aeb02aa29d6aa39dda73b7a29f1a24e92947ae16308c52bfee"}, {0x2, 0x800, 0xbf, &(0x7f0000001380)="056ff52b96770d2204b1795892e0e20e1081e5483a41899d9a31ed0b6d77716328fa24d7d7cb2154b22058da866f9c0bcc9580faaf60d5e7107cecfb1d01fbb19d7c4ad83c5f228315dc8220b3001679f26c26f1c74f1b7cb9ec1f22624d964bc85103b25013493d0c8d246dbc549f96d0c170e21b13dc86ce178ef7575d56dcc17924ad71d01fb98bd41f7b6dec5412b6b064605f2ed98c99096ce41c673c875e0da4e3110645ad576940f1a9f7f3aaa6f428f4051465fb9313bfa6b6d77c"}, {0x0, 0x8a00, 0x9, &(0x7f0000001440)="c29c4e89984ab6f814"}], 0x5})
r5 = dup(r2)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000001540)=0x400)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000001580)="c4dee1b6cdb6d9666e61ee12d79e7e54433293b8b883676cfe337a4ae92dcfe1011ead6e7b2398969ca5d30e4ebc0b1b1f26b46920edc91b40449b0534e7ea3bbd3089dae9c8942fa7ebdf8b7e0d28501b2a0d49bfc2127a41ce5527c5b7806a6df2b33917e3f1781001f0e6c2713138d2c40d0460e8fd26a889802457b0a6362914621f35be0d2658daf0c6953dd742c6d9d89585a687f957d575824e115d96aea0f52f22ea5fe72b791c4a572f7519c8ad379b4de00165b92718d31c65f2b2839956c86c441da94de8c5f18121f626367b4291ac420df4507c1292fed0b484fa8f3170a7dcee49a934cb687a42dc57118996b07310b30a9136f94171f163f6")
ioctl$I2C_SLAVE_FORCE(r0, 0x706, 0x269)
ioctl$SNDCTL_DSP_RESET(r4, 0x5000, 0x0)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x2302)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f00000016c0)={0x3, 0x0, &(0x7f0000001680)=[0x0, 0x0, <r6=>0x0]})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000001700)={0x7, 0x0, r6})
r7 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000001740), 0x2, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000001780))
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000017c0), 0x2, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r3, 0xc4009420, &(0x7f0000001800)={0x4, 0x6, {0x2, @usage=0x8, 0x0, 0x80000000, 0x224, 0x4, 0x2000000, 0x6, 0x7, @struct={0x4, 0x95}, 0x6, 0x1, [0x7, 0x3, 0x3, 0x498c80000000000, 0x2, 0xfffffffffffffffa]}, {0x8, @struct={0x2, 0x5}, <r9=>0x0, 0x8001, 0x8001, 0xaae, 0xabd8, 0x800000000000, 0x40a, @usage=0x7fffffffffffffff, 0x6, 0x8, [0x1, 0x3, 0x8, 0x4, 0xc9b, 0x6]}, {0x7, @usage=0x3, 0x0, 0x3b1f0e40, 0x7ff, 0x2, 0x4, 0x6c3, 0x40a, @struct={0x62, 0x2}, 0x5, 0x2, [0x1, 0x6, 0x8, 0x8000, 0xe32d, 0x9]}, {0xd, 0x200, 0x100000001}})
ioctl$BTRFS_IOC_SCRUB(r8, 0xc400941b, &(0x7f0000001c00)={r9, 0x1, 0xa})
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000002000), 0x521000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r10, 0xc01064c2, &(0x7f0000002040)={0x0, 0x1, r4})
ioctl$SYNC_IOC_FILE_INFO(r10, 0xc0383e04, &(0x7f0000002140)={""/32, 0x0, 0x0, 0x2, 0x0, &(0x7f0000002080)=[{}, {}]})
write$dsp(r10, &(0x7f0000002180)="1eb2090ee7ab149bf399c0e10019e0f444620a8d80b1a5629119e94b56515148444ba06ce2400184074c8eeff79fab360031ce34e1f3f82e36ce018e9680f17d3ccdf17042647cf0f8323304dce9749278786e3070a23d9181aecb8b4c35ad285c84a3ba80816e648a09965ee96f3c7998bbbc735bf5c8a72c7767e9bfb286ee1b886e6acbcc89dd52fb48576c787f61d986de016bd382abe951ec5be7e1b0", 0x9f)
r11 = syz_open_dev$I2C(&(0x7f0000002240), 0x1ff, 0x0)
ioctl$I2C_PEC(r11, 0x708, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020, 0x0, <r12=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f00000042c0)={0x50, 0xfffffffffffffff5, r12, {0x7, 0x2b, 0x9, 0x10000000, 0x4, 0xa, 0x3, 0x5, 0x0, 0x0, 0x40, 0x1}}, 0x50)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000004340), 0x444900, 0x0)

21.46273854s ago: executing program 5 (id=6536):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r2, 0x0, 0x1004000, 0x0, 0x0})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x48502, 0x0)
preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

21.298339569s ago: executing program 5 (id=6537):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4018aee1, &(0x7f0000000000)={0x1, 0x0, [{0x865, 0x0, 0x5}]})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r3, 0x4018aee1, &(0x7f0000000000)={0x1, 0x0, [{0x865, 0x0, 0x5}]}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async)

20.714927186s ago: executing program 5 (id=6541):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r2, 0x0, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x5412, &(0x7f00000001c0)=0x11)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000001fc0)={0x2, @vbi={0x0, 0x0, 0x0, 0x0, [0xfff]}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, &(0x7f00000001c0)={0x0, 0x0, "08545aa572ad423ef94901d3f634eefa"})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000380)={0x2, 0x3, 0xfffffff9, 0x9, 0x15, "a294e7003e805a9d1b78d681c441000700"})
write$UHID_INPUT(r6, &(0x7f0000001c40)={0x8, {"45707fe6c13ec0bd03e5ecc69c764fabe1f326e479445fcb5b205f8c3b622124e794bd8e155f4d904619803fd30c7c202046abd5cd2a26aeb32d246533b18dbb112bba54737fa3db4899cfbf40d3f0c487e58766cf9c7b78842142fb94c1a1c94a4b98b0cf1fed922cdbea0b164200d9f958ecd17c75d4b852a384e41367b0298b005bb13c7050e0342de230db20f9a86fe5fff6fff420f03ec7bb88747480857ed08bd7b1c7d178945f1af284d8ca636101edf9c287491e9a33df027ba595b273a8ed5aa6e64d7d3b218b76dc3566398b63e3a8dd3de57079ca6118e08a919f343ead86112d5dea53d5318814f9ddf14081758874653d15a71d0a4b7b18910a03e474208e31ca08e010c28aaa46ecc7c466cb8a06ee6047ca4ae798dc67f6e612afb9aca11097fec86fd5f12ffc6d43e70d749ed8962f2c9d7e88c49cad8b6af5ffca7d38eecafe276f318fdc229937052dee824a11519c054b9716a45703baef71e935632522ac184812313296a6599384899e8015ca5812cd608882ed02e8bc602bb3fb28b7e2bf2128e9fbe97a1e27e074586c6ebb0449ae67c56a96a0b0fcddadb770e57ef7377fed2191d519f222f8a8ce060cbeaa0428c835884f62fca487cd834ad600a5f68c28840878f9f519238abac8ab71c985bd0cdfb5bb1448cb8bb34a59ae512f2deee1f404e0d0c603c615a09be57ef4b94005ee0ef906239d56fa9f310b1be21098ac02db6302c4950496fdbc249d8ffd7cd19e7e26464e712c3184182b57546ae65b77ce55edeae4ee690a0db16b5c26977d36a3369c58ee48588f0ba502f4b584ccfe2e0f60b861930f24db34307ccfb6bf8139b0f8dea88413afc00bcf5582f211348df402e4ae1556627ac3f07dcc77d44d9454ba8eed51139ffdcea61172920c3494ff0d222e6836f8de22d66b10e3875b9b89a48c4ae134e7d81049039d186ea8995b5a289584437c54eb5d03197a7b81e2339f633dbba878eef49eeb85ee34df7789295c5491584af81f8f53487b713becb9a285f674d4c72b188ba6f767ede8ffae64842ecb82b33e799e90f7e977556884664e978e9dc7686c5d1253d4328ac7d95c67258a4fbc267a29b515f09a27a87015756c825f3ce309a2d8b089f2aed4e560d2b154d40ec1fe9cd01ecbfe3b025ff4222891757b376a9cbf325820912f8027ddd963d1ccf549baa912c0cf4817bf1a639dd5b39e56a63d108d914169c72577bc45730e1a9e20529a9f6a8aee9c83da159467c2f77212c1b9eda16804490198a29c61efec362dfa448ffa56a8e120690222f8e56ee6a820feda4173637e34c1aab938637ff82aad4f4f352f12ff9c164a9a7ebaa7a17797764b2bacae18898c33e8c759298eb94db0b8e676b6cc7971e6bd80445472af014f7470656d2566d7ca656acd4135e61dd4545f2d587ea05e6161db82f298bd71d610e50a092b817789473f5da3d32716613a1b09bbda29d501eff30e9993271f20423e74a2a0a1662f99f73c27e855d32796bc68a769e92e2b5d659f2ebd132dc9bfffbf031cd225f7e83e321160b65e55ff38462e8a36a4c533d30302d8102bcb41bec2abab1984b06733d370c2f3363a8d5e30c08f0e74e9e876f72745f574bc80fbe25943896ebe04fe72cfa9de6ee8506ad70c3be65a86eaf4f1fb913821afc85cf985b841d8ca96321dc1a31724f0b599c2ad147713692ecde7238ac87f2f426169bc060281c460f0e1346a92f464ee1f794002d3187a84fc6757f735cbbf42c41a0bb5d99ca04ef3792276491a1232fbcc00f7caf321ac9951a6517eeabaedc207c6b4d9c8f4e5a458d7def6c08a508b66ed3ccae5b544f0b84c9871129c4f6efa804404852993483d06b9227a689cb37a605b43265ca46ebe674073fbca8f83a56856cd6d5cf6e018dea75ca325b2365527888321bc8686069a7dbdc8b22a32c20e07e79eca4f83902a7d02c641bbdbe66a1bc18ff132c770b67964cce6c3800c05a5f0e0253ebd85b825e1c692887e36e4b938ac97507979aa39459ea04070fb078c63c334eabbc1e6444ce1336f98a41045d2a576a049d07368e027b182f6038ad38c3359dd3de78544dc621f9acd4f0540e117162c22e753462c4be2065724c3429b75b4db74e89d84f2795aba986dfc2b1fdcbe98346260cb9748f454a65f4b35b874ac5910184ad0fece39f01cd50663ca2462729f4cfa4e756c0cb6fc397f77c8fdcd7c9e194705e522ca83c625c7fab6ea43aad89db0b6ba71eed901209fc7330e8bc671aff44e5e48502abddc2409b52ece3779d3b19c1832b30abd3f81a9ff0c68fce42ad9c1941f03ce33ed9d37dce98dbe5e1d23519d22087f307e870c82f028e96fef580c4c8c62a32c2776eed31c3d8bddeb43cc53ab8592478253b6de3095d6828bd960989b9ed9879f863d3128f708eebe99f7701823f232444f2ac9830da973b993679e1bb510b2b6939847751cd0d4642d7bb899e21a7c26938fae9f1b149ff19032b5149b4cde635fa99c2160a8cd6f7ad6a5a242b6b31e253e04ea72f1b6f60677ef87fd8e175373c24822a3794134a3124f2e109a59d9db08e48f845254d4b68c42da5b2b2f3c3c528f4281cae4f5117cd0a4658e9ed1dba09656393623fb13fad1cda4eaa602176aba55ba251817017338193512318390fed2a914739050b1a85ca3833f71aa7c4c8fb45158b530c24bd4316f72c9b432a1bd067cd6fc64d646cc06bfbbf990dacb32de9496a8d730cc07171ce548957d435b2f121ea4bb939f70785ebce86f0ad6d89bb71cdc1d0897284ac5d09b95a76ddbfc787a98193b9cbdb1d3ffd89d5f10b9bbb5d41a2a33f73385df351db85c83786db3da558d890f414b21615160dfcb3b46f0958d492bd6d056550c48e5f0c26dd10c1c6ab3b4c6b7d911db5ac463f8e37a8bbcc2295fe79fa109f491a126fff6a1ffe161c7787f746fc8ddea5f19bd20fabca63aa81ae2d725e0b250f27fd7c8431ef6b2827904f62b5ffefc9bfdfb7d55ef6d9883c6ab43c5214b4af237d0df67afcb3d62e80041720952e837e65a22351cb3bf8a9e271568597f79f12144495d31ef72fc36a86e9eb4359790aee88c00b05473ac1a90b8bbe0c0db99570dd9bda506469c258e145841d9c26c9f32722a678cf25657acd124831cfc6a1809e341989b46b6df9db72b18f8be39cd845669bad697bc6bd9bec531047d5fa9e201e1a525c372367f8495280c5d93a62f9fb6f890c59959dcbac7de68e3a417befcd11c722067aac4726e2fdcabce2321ea64d9fbda04ab25dedbcb441faaef2d7bf024fe765591fd0354b2bcaa243a6d741272d4458e433118568944047eeec85d3b0f5b98cbdad0f77371be15af9c1bf928eceb652c581fa638e2131c22d901e6f047a5649ffab5324054389ebeb47ff283e0f0ffe074382e520c632bc440cbeaa68770877516e101709489bcb643b187cb2715e58479074cd32d53077331453fc537d34f87a7ec5e5da686c2f304116394e2bd1e480f5da74a6b725d526b71dc869df8dda3feb44f5463f4c678b6a8be34994ecb0902b3cf269de1adf0da8b8ad340b63a6d0237df7e812b94572adbc196784dfcf33e3e97a17b71a2dad7015fb2d59d4c5838ca551984c7d8ee7bf05ab3edf89029ffd20e373fcb72523bff1e63df721416a068d7b2daa3e17fbba8e831c53e29a94dc483e289cf7406a7b2da28ecc761cf9d847d39b7daa5e34a2a0e4dd19ca5c4a1ab274c7fb9a3057109ec0644579f1af210f8b8133dd87f1abd7c71ac09cfc38699573b35e6d9c5bdaa21f16442b87860e9a7f62ff7c2458160c6a64dc218a258ee06e222e47b3b8e0cf5a5c2d9985f886f32abd129ee056fae9b2e32d0571532eab27fa8f079f9c3e378125f2020064850cfb19c53aa44ad8da6f83a5d827bcb131da9d4dde6e8bd0005ef240c4a02b17051845c35725bd8668c3b27b46355febbf2bf3e5dc5ec650499669cbfe921815396d87b3ede410d492cc73ec7f3a40409eed9358131f1f75e31f24e34af6fc7b6fe2730fd043fd69269d939772e7fef5f2e08b657038a61bc8a8d5688b16029d15aacefe6631a364769d3b9b261bbac584c5ba29b7fbda146fc2ac0f1044f89141a57292b87c7275c6ec6011e5b4b40d1ebc4fc32e7c7ac96aea170225e60c189ed09f8df0a143232bd93c6a9d0fba9783f303b3375b10dde9cd501e68df3734f6278a0389418578834e1912806f07e2fa715bfed4bc707559ee3d4966f51cb652b06b747ae2d79b56759035f01953e76a2dc14c817eb0f97332e68c1d3995dcd84b2329194299944cb2c050991c409fe447ed764a9a3a1182bc30f773b0b415c1898460150c9fec8987c24ba07f87f299d014bd89049b3e9d0c9bf1c6bf159545e52cdfcf9e799b593cb411a3db12396dc9c09ddeddfcb6165a99074e531b7ceddaf344baf2e65225203da537cf09fc073d61d92c13a1c95f93e70050b99850272d0227a89faadfbfae923501b0321984b59229b7dc3c646bf4e381534fcb31783c568deb1a36f95c873df99ccab25446c77d96de6b2c70d5baa5b27786e8027b2f70be117bfdc1b2c6d72a6ab2f9e9a9ce231443d0621448e78393142f90177e7bb52976c668583c64beca45af5ea23a060ec910c6cd89ba7cb9cbbd7627ee56dd2d4d60d994cd63e81f181642b8864afa797aecc22358eea8d059d681a333caa15a8c56918523d465e94668d6ef5f3dcc089bffb13ad76dbf79c44c14f494fda3a55f61c3ed659e20a274297360576fd3230b3e4b7e79ea5b7d78c1def22741a38d17b39c646579d8d5df4cae4eca98d1c0df9371532fe89efc2c375fe433699ee14fcd4cf84495d380663aa10a374dba851536b8159deee491ed2c0e2b920bf7c5627db54562f1ff9c56795245be220391d6b681360fa221efc91faf57d80f15b5e3d881cfa30e1145dbde325c6cc8254938a9eb906d846ec5f76f63443b8f2c50db90b6563900a8f97947c82caec3ce4ee3a5e19fc3324376e4b041b7ed82d9940f7a63f9f962f6d746cb781dbbe16a90649881a77e8ac40677e74d87beadc50df2bc624aa6a707cb50c8ee749db526903f38d706df0201bf503b759d320fa940838ec74c914d0de569ed9ffc6eb2cee026ce22cd50a884bccfadbf503892930c4c4dd7efcb3caaac1695027ed66f3f29c7a1edade721bac0599ff0c400542d31d5dc235ddca7bada9cabcf427e038e5c6a54687b955131c547155036401c7a9a44b3b0437edaa30635b84e37996bcc8594307a6b6bbd8b06daa994cf238925485cd9ace35b3fdfd72788199b6f0570eed2078a4b2f36f511a68566927389ca5ce1c854cb500c2693d7a7917cc8f1215608b7dd2ab22de43a5cc91309a4db2a4c29fdeceaec4a604d13af72a60ea50070626aa6d4cfa418b95edda37a88db5218a1e096436a3551ee712ae137217cd0e941c31e86839e3a9aef8058f5f3196a5006f5a13f3343c0cbf50f9a27c7481e62614a4c51071df6c9a2e0058e534be00c510052e03148c79cc31256359b330c0de91e6130ce741d0472a838463987b9cb80693701825d0af139207f4ff1dc5cb92187170acb8c217f26b1a0544021a8ddce3e31de19b603a5eeca75a7a6234f75d890322a2dca481bc814ba65893cf8e4492094dfe534936a4378e85f680559f4ebce2cccdbea2c0c1e776c4cf50df6b0bc2effcee0f2c76b5c478f9dd02e0eef9399ddf2ba449e03cfd5d33388b0b683c3ce0d301ca1ba4ab", 0x1000}}, 0x1006)
write$nci(r5, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES32=r4, @ANYRES32=r6, @ANYRES8=r1, @ANYRESOCT=r4, @ANYBLOB="13304726d44ea1840b7142ff2905cd20229f4d89d2ae6810e95ed55589b20f2da264d29959f11c48646c0ed27b7aeb625ad45fee7f703d51d1f3e7545f88d9da66a0c530a8468509ee08bbaa933b48f31d8b29a46b1aad8797ac1499cd14d32fc5e026fc0ff4e33d53d9fc37a925b21f0f1e008e1657b9dad2772e0dd3d06a8215852698dea29ac81f4e65c6776c1cb5ab58766ee82c56c5f8feac48de22b1448e47", @ANYRES64=r1, @ANYRES16=r6], 0x14)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

17.125139674s ago: executing program 1 (id=6559):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) (async)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0xb, 0x2, 0x9, 0x7, 0x6, 0x3000000002, 0xffffffffffffffed]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) (async)
ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0xc2664) (async)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0xc2664)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0xdcc2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r7, 0xc02c564a, &(0x7f0000000080)={0x0, 0x1012})
ioctl$SNDRV_PCM_IOCTL_DRAIN(r6, 0x4144, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000280)={{<r8=>0x0, 0xfffffffffffffff7, 0xe, 0x1, 0x80, 0xe43, 0x800, 0xfffffffc, 0x4, 0x5, 0x24, 0x8, 0xfff, 0x4e10, 0xb}, 0x18, [0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f0000000340)={{r8, 0x5, 0x6f61, 0x6, 0x2, 0x1e43e1a7, 0x5, 0x2, 0x8, 0xcd92, 0x6, 0x800000000000065, 0x0, 0x4, 0x8}, 0x8, [0x0]})
ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000140)) (async)
ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000140))
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

16.818985863s ago: executing program 1 (id=6562):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000b014df2251bf2fa300"/24])
read(r0, &(0x7f00000001c0)=""/157, 0x9d)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x0, "d20bddda7d1db9342de76eec7967fe97751f13a23aeaacb0565c1c2251560ed1"}})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGETKEYCODE(r9, 0x4b4c, &(0x7f0000000180)={0xc, 0x4})
r10 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r10, 0x4605, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000001c0000f400004000000000ff01000000000000"])
r11 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r12=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r11, 0xc06864a1, &(0x7f0000000c00)={0x0, 0x0, r12})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000440)={0x0, 0x100000001, 0x1, [0x29, 0x9, 0x8000, 0xa1a, 0x7fffffffffffffff], [0x800, 0x6, 0x0, 0x8000000000000001, 0x0, 0x101, 0x7, 0x4, 0x17ce, 0x81, 0x0, 0x9, 0x3, 0x2, 0x0, 0x401, 0xc91, 0x2, 0x101, 0x4, 0xfff, 0xfde0, 0xffffffff, 0x5, 0x81, 0x6, 0x8, 0x38, 0x5, 0x9, 0x4, 0x0, 0x2, 0xa5, 0x80, 0x101, 0x9, 0x4, 0x7fffffff, 0xc, 0xf3e, 0x7, 0xeb0a, 0xfffffffffffffffc, 0x10, 0x1, 0x401, 0x2, 0x5, 0x3, 0xfffffffffffffffd, 0x554, 0x5, 0x1000000001, 0xfffffffffffff022, 0x7, 0x6, 0x346, 0x400, 0x1, 0x8001, 0xfffffffffffffffc, 0xef0, 0x5e, 0x7fffffff, 0xc, 0x1, 0x8, 0x6, 0x1b, 0x5, 0x5, 0x6, 0x80, 0xfffffffffffff801, 0x4, 0x54, 0x9, 0x6, 0x8, 0x7fffffffffffffff, 0x100000000, 0x0, 0x1, 0xc3fd, 0x80000000, 0x114d555b, 0x2400, 0x7e6, 0x5, 0x7c, 0x1, 0xe2, 0x0, 0x3, 0x3, 0x78, 0x7, 0x1, 0x6, 0x3, 0xcf1, 0x8000000400000001, 0x400, 0x4, 0xffffffffffff8000, 0x8000000, 0x5, 0x4, 0x9, 0x101, 0x7fffffff, 0x1000200000000, 0x8, 0x6, 0x8, 0x9, 0xf0c, 0xa, 0x2, 0x3]})
r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r13, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
r14 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_READ(r14, 0x80247008, 0xffffffffffffffff)
write$sndseq(r13, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
r15 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x44640, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r15, 0x40505412, &(0x7f0000000280)={0x1, 0x6, 0x8, 0x0, 0x4})
r16 = dup2(r0, r15)
ioctl$KVM_SET_LAPIC(r16, 0x4400ae8f, &(0x7f0000000c80)={"5228e134921f15d61259ec0df63cc74774d85db43a7a50ce8692a61a756f79b960e66103c29b24c0470a0b6edf4331b2644d599fbe151ae19d0c0bd190de67a5972fd74a8243d71c7b0d16ef0d4560e067bf11a37e8a2b80affaf87099820ab7ccc5d7e6bec9bd3d46598b671be3f960791f6b3208f938e72e10225257a8c6f421f845b51e9acdfec61f90f4d60afd3faf24d19a556b0f560938e6f0d72e9eee1e669826ccbad84ce436cfb22ad66d60822b08ab0a055033e5d2b0657bd37656d8429b9be90323d8652e678b4fa1be142d388b123ba985429c3822a6e41111dbdc2504630180c6d896f72db74809e68cf320e5005fba02d54d5bf3c5f9de329fb269d79b4fd43fc624046a84502b7e2d3c85bbab2aec4ef3af76d4149220738ac3d751180cf3474b89747f230113d3af5ad9e6d35c9bad03b4b567709b7cd317df833ae760dc8f33ccb4b87d35d97aabd45b47be7f1e054715be424013b00372083b8cc0ec9eec284ee8acba33ef3fcad46550aa7a30f7ece7f84574450177e9ba9f6cff78f68a6d4d477c9e75bede5b88b3475b94ce006af1c4a4cb8c0b0090200554c862e745f1e5b4dec48dfb2163a98c26c62bcf7c0692bc719807ce8d27b51f8d06c68fc3d0e22db1f67d834d792df5bc808e720f359f1202e3c49ab14be354628b2056264ba69d525f8969f0867a7943e6a6d436f6fe37b1b5f24fba66889ee9e19e8f3cf0d124c653e2395a71148e0d6f10ab5820e9cb1db20c267ed737d4b3408c7c542f7e9bc2f6666defe1c893e0bae4997de98c236f0e6cc6c86752ebbbf2bd900c72b37c010e8a33f95f92a745c834f0fd923e2ffe2da43273cdd4b58fd9de94f418a101cb397cdbf8774b65f0c63b3d6d73baf402212aada9a0b1366812469ef13ef7f36625b876b4dc36133f2b1593d7277a58180d7cdc64768b60feca9e6beb7c7807b4b210eceb684f32a9d2528e67f4ecdd24774697b3ed298172e58fe90cc2601e238d7b012e074721519600ff77f1e0057f089f43786f7273aada1a5b71d6552f06d8edc1d9606fb5eeb8f730ad2f848d8e298d27570fec13a00fa17f211b2dcee9dc8b60af3d919049f3e7eec322c3828a4126599032b3af2af7723384be4f50566d53cb3bac10c3e6eeea11bff068a141a6077748cb06cdf7e23bab7213e1b9dab8175352bc8737ec1badc0655acea642faecbcd3abc86943949d73b72297a8b34f592360af528f61b9c62c87a38e75155d5af066bb4f9c7efdba8288f7e83a180435fe5d03799809c4adf4a1a6f45e6302a18b8e936070fb9f07a5c6a3dc32d64ee6f78838d1d21e7de8a4b3003aba48c862145ff3a4dbf396713fb6b6dc9898586786628853792bec1686d5f3bba593698ff3ebe9a6b420ca8c8b6dc4395da3f5c77d9f0023bace3fa91bc5629af9fb92e3ee51fa"})

16.557484147s ago: executing program 1 (id=6563):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000600)={0x1000000, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000c80)=ANY=[@ANYBLOB="0100000000000031ff000040"]) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000001, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

16.474669422s ago: executing program 0 (id=6564):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000200)={0x28, 0x7, r3, 0x0, &(0x7f0000000240)='LLLLLLLLLLLLLLLLLLLLLLLL', 0x18, 0x8})
ioctl$IOMMU_IOAS_UNMAP(r2, 0x3b86, &(0x7f0000000340)={0x18, r3, 0x2, 0x1c})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000096}]})
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r7, 0x7dfff000)

16.288445625s ago: executing program 0 (id=6565):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000640))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = syz_open_dev$mouse(&(0x7f0000000080), 0x101, 0xf458fc5a9cda1b9)
write$uinput_user_dev(r3, &(0x7f00000001c0)={'syz1\x00', {0x9, 0x7fff, 0xbf, 0x6}, 0xa, [0x2, 0xfffff2df, 0x1ff, 0x7, 0x1, 0x1, 0x80000001, 0x3, 0x0, 0x6, 0x7, 0x5, 0x6, 0x2b17576f, 0x8000, 0x9, 0x8, 0x2, 0x7, 0x10001, 0x6, 0x4bb, 0x100, 0x0, 0x2, 0xfffff801, 0x6, 0x10001, 0x8, 0xf, 0x2, 0x5, 0x8, 0x1, 0x1, 0x0, 0x8, 0x0, 0x25, 0x1, 0x80000000, 0x9, 0x2, 0x5, 0x2, 0x34, 0x7, 0x100, 0x1, 0x7, 0xbe, 0x9, 0x7, 0xaf, 0x80000001, 0xfffffffd, 0xffffffff, 0x10000, 0x0, 0x3, 0x3, 0x4, 0x69, 0x2da], [0x42, 0x800, 0x2, 0x23, 0x80, 0x8001, 0xf, 0x1000, 0x8, 0x8, 0x4, 0x4, 0x4, 0x5, 0xe0c, 0x800, 0x3, 0xfffffffd, 0x3, 0x3, 0xc3, 0x2, 0xa4, 0x1, 0x0, 0x3, 0x6, 0x3, 0x2, 0x3ff, 0xfff, 0x7, 0x9, 0x5, 0x7fff, 0x8, 0x1, 0x2, 0x4, 0x7, 0x2, 0x7, 0x9, 0xd35f, 0x7, 0x5, 0x0, 0x8, 0xc, 0x2, 0xd9, 0x400, 0x932, 0x9a63042, 0x5, 0x40, 0x0, 0xb710, 0x3, 0x0, 0x9, 0x7, 0x7, 0xc6], [0x4, 0x1, 0xf, 0x3, 0x8, 0x0, 0xf7, 0x0, 0x7, 0xfffffffc, 0x401, 0x1, 0x8, 0x3, 0xfff, 0xfffffff9, 0x1, 0x10001, 0x6, 0x7fffffff, 0x3, 0xa, 0x7fffffff, 0x4, 0x7, 0x0, 0x6, 0xb7, 0x81, 0x3, 0x7, 0xe, 0xd3ca, 0xd, 0x7, 0x7fff, 0x10001, 0x7, 0x4, 0x2, 0x9, 0x4, 0x0, 0x4e, 0x7af8, 0x3, 0x6, 0x3, 0x7, 0x7, 0x8, 0x4, 0x3, 0x5, 0x101, 0xfffffff7, 0x6, 0x8, 0x8, 0xd3, 0xfffffffb, 0x1000, 0x9, 0x5], [0x1263, 0x5, 0x7, 0xfffffeff, 0x3, 0x200, 0xfff, 0xe000, 0x1, 0x8, 0x1, 0x2, 0xffffffff, 0x5, 0x9, 0x200, 0x4, 0x9, 0xd5de, 0x5915, 0x80000001, 0x10, 0x9a0, 0x2, 0x7, 0x0, 0x7, 0xf0e9, 0x967, 0x7fd, 0x2f, 0x5, 0x3, 0x7, 0x0, 0x1, 0x7, 0x1e, 0x5, 0x2, 0x0, 0x0, 0x401, 0xb, 0xf, 0x6, 0x3, 0x3, 0x1, 0x0, 0x1, 0x8b46, 0x200, 0x70e, 0x81, 0x4, 0x6, 0x99, 0x237, 0x0, 0x4, 0x9, 0x1, 0x9]}, 0x45c)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x440400, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_GET_XSAVE(r4, 0x9000aea4, &(0x7f0000002600))
r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r6, 0x80086303, &(0x7f0000000000))
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev(r8, &(0x7f0000002340)=[{&(0x7f00000020c0)='[', 0x1}], 0x1, 0x0, 0x0)
read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$SOUND_MIXER_WRITE_RECSRC(r3, 0xc0044dff, &(0x7f0000000680)=0xfff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)) (async)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000640)) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
syz_open_dev$mouse(&(0x7f0000000080), 0x101, 0xf458fc5a9cda1b9) (async)
write$uinput_user_dev(r3, &(0x7f00000001c0)={'syz1\x00', {0x9, 0x7fff, 0xbf, 0x6}, 0xa, [0x2, 0xfffff2df, 0x1ff, 0x7, 0x1, 0x1, 0x80000001, 0x3, 0x0, 0x6, 0x7, 0x5, 0x6, 0x2b17576f, 0x8000, 0x9, 0x8, 0x2, 0x7, 0x10001, 0x6, 0x4bb, 0x100, 0x0, 0x2, 0xfffff801, 0x6, 0x10001, 0x8, 0xf, 0x2, 0x5, 0x8, 0x1, 0x1, 0x0, 0x8, 0x0, 0x25, 0x1, 0x80000000, 0x9, 0x2, 0x5, 0x2, 0x34, 0x7, 0x100, 0x1, 0x7, 0xbe, 0x9, 0x7, 0xaf, 0x80000001, 0xfffffffd, 0xffffffff, 0x10000, 0x0, 0x3, 0x3, 0x4, 0x69, 0x2da], [0x42, 0x800, 0x2, 0x23, 0x80, 0x8001, 0xf, 0x1000, 0x8, 0x8, 0x4, 0x4, 0x4, 0x5, 0xe0c, 0x800, 0x3, 0xfffffffd, 0x3, 0x3, 0xc3, 0x2, 0xa4, 0x1, 0x0, 0x3, 0x6, 0x3, 0x2, 0x3ff, 0xfff, 0x7, 0x9, 0x5, 0x7fff, 0x8, 0x1, 0x2, 0x4, 0x7, 0x2, 0x7, 0x9, 0xd35f, 0x7, 0x5, 0x0, 0x8, 0xc, 0x2, 0xd9, 0x400, 0x932, 0x9a63042, 0x5, 0x40, 0x0, 0xb710, 0x3, 0x0, 0x9, 0x7, 0x7, 0xc6], [0x4, 0x1, 0xf, 0x3, 0x8, 0x0, 0xf7, 0x0, 0x7, 0xfffffffc, 0x401, 0x1, 0x8, 0x3, 0xfff, 0xfffffff9, 0x1, 0x10001, 0x6, 0x7fffffff, 0x3, 0xa, 0x7fffffff, 0x4, 0x7, 0x0, 0x6, 0xb7, 0x81, 0x3, 0x7, 0xe, 0xd3ca, 0xd, 0x7, 0x7fff, 0x10001, 0x7, 0x4, 0x2, 0x9, 0x4, 0x0, 0x4e, 0x7af8, 0x3, 0x6, 0x3, 0x7, 0x7, 0x8, 0x4, 0x3, 0x5, 0x101, 0xfffffff7, 0x6, 0x8, 0x8, 0xd3, 0xfffffffb, 0x1000, 0x9, 0x5], [0x1263, 0x5, 0x7, 0xfffffeff, 0x3, 0x200, 0xfff, 0xe000, 0x1, 0x8, 0x1, 0x2, 0xffffffff, 0x5, 0x9, 0x200, 0x4, 0x9, 0xd5de, 0x5915, 0x80000001, 0x10, 0x9a0, 0x2, 0x7, 0x0, 0x7, 0xf0e9, 0x967, 0x7fd, 0x2f, 0x5, 0x3, 0x7, 0x0, 0x1, 0x7, 0x1e, 0x5, 0x2, 0x0, 0x0, 0x401, 0xb, 0xf, 0x6, 0x3, 0x3, 0x1, 0x0, 0x1, 0x8b46, 0x200, 0x70e, 0x81, 0x4, 0x6, 0x99, 0x237, 0x0, 0x4, 0x9, 0x1, 0x9]}, 0x45c) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x440400, 0x0) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_GET_XSAVE(r4, 0x9000aea4, &(0x7f0000002600)) (async)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) (async)
ioctl$mixer_OSS_GETVERSION(r6, 0x80086303, &(0x7f0000000000)) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
pwritev(r8, &(0x7f0000002340)=[{&(0x7f00000020c0)='[', 0x1}], 0x1, 0x0, 0x0) (async)
read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$SOUND_MIXER_WRITE_RECSRC(r3, 0xc0044dff, &(0x7f0000000680)=0xfff) (async)

15.873972286s ago: executing program 0 (id=6566):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x74, 0x0, 0x7eacfa71abeb3756})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 32)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) (rerun: 32)
ioctl$SIOCSIFHWADDR(r4, 0x40305828, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}}) (async)
ioctl$KDGETMODE(r4, 0x4b3b, &(0x7f00000001c0)) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1}) (async)
ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x27)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

15.7786303s ago: executing program 1 (id=6567):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0xa0, 0x280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000400)={0xf0f003, 0x2})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[])
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0x6, 0x40, 0x81, 0x0, 0xf43f, 0xb, 0x49, 0x7, 0x2, 0xfb, 0x3, 0xa4, 0x0, 0x4, 0x401, 0x2, 0x8, 0x1, 0x7, '\x00', 0x2, 0x800})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000680)={[0xe3, 0x55e, 0xffffffff, 0x4, 0xffffffffffffffff, 0x4, 0x9, 0x100000000000009, 0x4, 0x80, 0x1, 0x794, 0xa, 0x40, 0xc976, 0x6], 0x2, 0x20200})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0x0, 0x2, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x200, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8c], 0xeeee8000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
read(0xffffffffffffffff, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000300)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

15.65346629s ago: executing program 0 (id=6568):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$PTP_PEROUT_REQUEST(r0, 0x40383d03, &(0x7f0000000240)={{0x0, 0x492}, {0x7, 0x23}, 0x5, 0x1}) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
read(r1, &(0x7f00000001c0)=""/157, 0x9d)

15.607625414s ago: executing program 0 (id=6569):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f00000001c0)=""/175, 0xd)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
read(r0, &(0x7f00000001c0)=""/175, 0xd) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)

15.486568405s ago: executing program 0 (id=6570):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x1})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = dup(r3)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
ioctl$BLKRAGET(r0, 0x1263, &(0x7f0000000240))
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

15.239752387s ago: executing program 1 (id=6571):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x7, <r1=>0x0, 0x10000})
ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000000080)={0x0, r1})
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000000140)={0x13})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000200)={&(0x7f0000000180)=[0x0, <r3=>0x0, <r4=>0x0, 0x0, <r5=>0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0xdededede})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000340)={&(0x7f0000000240)="a6f81b764654449c4ba7df294005724e1749a9a2ebbcba4f95cc989593d6bd7dd9740acf10b79ec7548bc5ccdac8e0a2cd5909a62cf7c1e82eafef74cca95e64f5ae24696ea19caa0c485824b377d430ebc01b69dd3fb162744b8dcbb3ffd7067a3ad59bda14d05ae9fe54ae2d6286ce8c2f042da9514db758973014c0e76c37e62bf436b1fe2a1729ee015e5656ffdc47ce4b5a1b7e498cbc60717502f14dab7504ff1308f4f06c27fde0ce4fecf4f13f275650e697c1edf4274955afd59c49a7c8b0ac45c2b100b9e3549d670d802ff3fccb98c589", 0xd6, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000380)={0x100, r5, r6, 0x25252525})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_percpu\x00', 0x0, 0x0)
ioctl$CEC_DQEVENT(r7, 0xc0506107, &(0x7f0000000400)={0x0, 0x0, 0x0, @lost_msgs})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000580)={0x401, 0x4, &(0x7f0000000480)=[r3, r4, r4, 0x0], &(0x7f00000004c0)=[0x3, 0x8, 0xe5, 0xf, 0x6], &(0x7f0000000500)=[r3, r4], &(0x7f0000000540)=[0x8, 0x0, 0xa, 0x0, 0x8], 0x0, 0x2})
r8 = syz_open_dev$sg(&(0x7f00000005c0), 0x8000, 0x80000)
ioctl$IOC_PR_PREEMPT(r7, 0x401870cb, &(0x7f0000000600)={0x6, 0x4, 0x6, 0x4a})
read$FUSE(r7, &(0x7f0000000640)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
read$FUSE(r0, &(0x7f0000002680)={0x2020, 0x0, 0x0, <r10=>0x0}, 0x2020)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000046c0)={0x2, 0xb, {r9}, {r10}, 0x9, 0x18000000000})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000004740)={0x0, 0x2, 0x9, 0x2, &(0x7f0000004700)=[{0x8000, 0x1, 0x7, 0x8}, {0x8, 0x1, 0x7, 0x7}]})
ioctl$F2FS_IOC_DEFRAGMENT(r2, 0xc010f508, &(0x7f0000004780)={0x8, 0x4})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000048c0)={&(0x7f00000047c0)=[0x0, 0x0, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000004800)=[<r12=>0x0, 0x0], &(0x7f0000004840)=[0x0, 0x0, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000004880)=[0x0, 0x0, 0x0], 0x8, 0x2, 0x8, 0x3})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000004900)={0x7fffffffffffffff, r5, r13})
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r7, 0x80605414, &(0x7f0000004940))
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000049c0)={0x8, <r14=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000004a00)={0x0, r14})
r15 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000004a40), 0x450000, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r15, 0xc06864ce, &(0x7f0000004a80)={r11, 0x7, 0x9, 0x6, 0x0, [], [0x9, 0x0, 0x9, 0x3], [0x0, 0x0, 0x3], [0x9, 0x6, 0x2, 0x394]})
ioctl$BTRFS_IOC_START_SYNC(r15, 0x80089418, &(0x7f0000004b00)=<r16=>0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r8, 0x40089416, &(0x7f0000004b40)=r16)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r2, 0xc02064a5, &(0x7f0000004c40)={r12, 0x1, &(0x7f0000004b80)=[0x6], &(0x7f0000004bc0)=[0x0, 0x4, 0x0], &(0x7f0000004c00)=[0xfd6]})
syz_open_dev$usbmon(&(0x7f0000004c80), 0x4, 0x4100)

15.169968813s ago: executing program 1 (id=6572):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$TUNSETGROUP(r1, 0x400454ce, 0xee00)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000000)={{0x80, 0xa2}, 'port1\x00', 0x0, 0x849, 0x0, 0x0, 0x0, 0x3})
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'veth1_vlan\x00', 0x1})
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000000)={0xa1b, 0xd})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000140)={"9fc2a0544b38d5004b9277c0794199f857dc9b7ac7708c00000000000000de00", r5, 0xffffffffffffffff, 0x4000})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x2bc67b5dc0ef3785})
read(r0, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r5, 0x8008f511, &(0x7f00000000c0))
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000000400)={{0x0, 0x1}, 0x0, 0xfffffffe})
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0xb, 0x202812, r5, 0x26223000)

5.124346571s ago: executing program 39 (id=6541):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r2, 0x0, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r3, 0x5412, &(0x7f00000001c0)=0x11)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000001fc0)={0x2, @vbi={0x0, 0x0, 0x0, 0x0, [0xfff]}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, &(0x7f00000001c0)={0x0, 0x0, "08545aa572ad423ef94901d3f634eefa"})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000380)={0x2, 0x3, 0xfffffff9, 0x9, 0x15, "a294e7003e805a9d1b78d681c441000700"})
write$UHID_INPUT(r6, &(0x7f0000001c40)={0x8, {"45707fe6c13ec0bd03e5ecc69c764fabe1f326e479445fcb5b205f8c3b622124e794bd8e155f4d904619803fd30c7c202046abd5cd2a26aeb32d246533b18dbb112bba54737fa3db4899cfbf40d3f0c487e58766cf9c7b78842142fb94c1a1c94a4b98b0cf1fed922cdbea0b164200d9f958ecd17c75d4b852a384e41367b0298b005bb13c7050e0342de230db20f9a86fe5fff6fff420f03ec7bb88747480857ed08bd7b1c7d178945f1af284d8ca636101edf9c287491e9a33df027ba595b273a8ed5aa6e64d7d3b218b76dc3566398b63e3a8dd3de57079ca6118e08a919f343ead86112d5dea53d5318814f9ddf14081758874653d15a71d0a4b7b18910a03e474208e31ca08e010c28aaa46ecc7c466cb8a06ee6047ca4ae798dc67f6e612afb9aca11097fec86fd5f12ffc6d43e70d749ed8962f2c9d7e88c49cad8b6af5ffca7d38eecafe276f318fdc229937052dee824a11519c054b9716a45703baef71e935632522ac184812313296a6599384899e8015ca5812cd608882ed02e8bc602bb3fb28b7e2bf2128e9fbe97a1e27e074586c6ebb0449ae67c56a96a0b0fcddadb770e57ef7377fed2191d519f222f8a8ce060cbeaa0428c835884f62fca487cd834ad600a5f68c28840878f9f519238abac8ab71c985bd0cdfb5bb1448cb8bb34a59ae512f2deee1f404e0d0c603c615a09be57ef4b94005ee0ef906239d56fa9f310b1be21098ac02db6302c4950496fdbc249d8ffd7cd19e7e26464e712c3184182b57546ae65b77ce55edeae4ee690a0db16b5c26977d36a3369c58ee48588f0ba502f4b584ccfe2e0f60b861930f24db34307ccfb6bf8139b0f8dea88413afc00bcf5582f211348df402e4ae1556627ac3f07dcc77d44d9454ba8eed51139ffdcea61172920c3494ff0d222e6836f8de22d66b10e3875b9b89a48c4ae134e7d81049039d186ea8995b5a289584437c54eb5d03197a7b81e2339f633dbba878eef49eeb85ee34df7789295c5491584af81f8f53487b713becb9a285f674d4c72b188ba6f767ede8ffae64842ecb82b33e799e90f7e977556884664e978e9dc7686c5d1253d4328ac7d95c67258a4fbc267a29b515f09a27a87015756c825f3ce309a2d8b089f2aed4e560d2b154d40ec1fe9cd01ecbfe3b025ff4222891757b376a9cbf325820912f8027ddd963d1ccf549baa912c0cf4817bf1a639dd5b39e56a63d108d914169c72577bc45730e1a9e20529a9f6a8aee9c83da159467c2f77212c1b9eda16804490198a29c61efec362dfa448ffa56a8e120690222f8e56ee6a820feda4173637e34c1aab938637ff82aad4f4f352f12ff9c164a9a7ebaa7a17797764b2bacae18898c33e8c759298eb94db0b8e676b6cc7971e6bd80445472af014f7470656d2566d7ca656acd4135e61dd4545f2d587ea05e6161db82f298bd71d610e50a092b817789473f5da3d32716613a1b09bbda29d501eff30e9993271f20423e74a2a0a1662f99f73c27e855d32796bc68a769e92e2b5d659f2ebd132dc9bfffbf031cd225f7e83e321160b65e55ff38462e8a36a4c533d30302d8102bcb41bec2abab1984b06733d370c2f3363a8d5e30c08f0e74e9e876f72745f574bc80fbe25943896ebe04fe72cfa9de6ee8506ad70c3be65a86eaf4f1fb913821afc85cf985b841d8ca96321dc1a31724f0b599c2ad147713692ecde7238ac87f2f426169bc060281c460f0e1346a92f464ee1f794002d3187a84fc6757f735cbbf42c41a0bb5d99ca04ef3792276491a1232fbcc00f7caf321ac9951a6517eeabaedc207c6b4d9c8f4e5a458d7def6c08a508b66ed3ccae5b544f0b84c9871129c4f6efa804404852993483d06b9227a689cb37a605b43265ca46ebe674073fbca8f83a56856cd6d5cf6e018dea75ca325b2365527888321bc8686069a7dbdc8b22a32c20e07e79eca4f83902a7d02c641bbdbe66a1bc18ff132c770b67964cce6c3800c05a5f0e0253ebd85b825e1c692887e36e4b938ac97507979aa39459ea04070fb078c63c334eabbc1e6444ce1336f98a41045d2a576a049d07368e027b182f6038ad38c3359dd3de78544dc621f9acd4f0540e117162c22e753462c4be2065724c3429b75b4db74e89d84f2795aba986dfc2b1fdcbe98346260cb9748f454a65f4b35b874ac5910184ad0fece39f01cd50663ca2462729f4cfa4e756c0cb6fc397f77c8fdcd7c9e194705e522ca83c625c7fab6ea43aad89db0b6ba71eed901209fc7330e8bc671aff44e5e48502abddc2409b52ece3779d3b19c1832b30abd3f81a9ff0c68fce42ad9c1941f03ce33ed9d37dce98dbe5e1d23519d22087f307e870c82f028e96fef580c4c8c62a32c2776eed31c3d8bddeb43cc53ab8592478253b6de3095d6828bd960989b9ed9879f863d3128f708eebe99f7701823f232444f2ac9830da973b993679e1bb510b2b6939847751cd0d4642d7bb899e21a7c26938fae9f1b149ff19032b5149b4cde635fa99c2160a8cd6f7ad6a5a242b6b31e253e04ea72f1b6f60677ef87fd8e175373c24822a3794134a3124f2e109a59d9db08e48f845254d4b68c42da5b2b2f3c3c528f4281cae4f5117cd0a4658e9ed1dba09656393623fb13fad1cda4eaa602176aba55ba251817017338193512318390fed2a914739050b1a85ca3833f71aa7c4c8fb45158b530c24bd4316f72c9b432a1bd067cd6fc64d646cc06bfbbf990dacb32de9496a8d730cc07171ce548957d435b2f121ea4bb939f70785ebce86f0ad6d89bb71cdc1d0897284ac5d09b95a76ddbfc787a98193b9cbdb1d3ffd89d5f10b9bbb5d41a2a33f73385df351db85c83786db3da558d890f414b21615160dfcb3b46f0958d492bd6d056550c48e5f0c26dd10c1c6ab3b4c6b7d911db5ac463f8e37a8bbcc2295fe79fa109f491a126fff6a1ffe161c7787f746fc8ddea5f19bd20fabca63aa81ae2d725e0b250f27fd7c8431ef6b2827904f62b5ffefc9bfdfb7d55ef6d9883c6ab43c5214b4af237d0df67afcb3d62e80041720952e837e65a22351cb3bf8a9e271568597f79f12144495d31ef72fc36a86e9eb4359790aee88c00b05473ac1a90b8bbe0c0db99570dd9bda506469c258e145841d9c26c9f32722a678cf25657acd124831cfc6a1809e341989b46b6df9db72b18f8be39cd845669bad697bc6bd9bec531047d5fa9e201e1a525c372367f8495280c5d93a62f9fb6f890c59959dcbac7de68e3a417befcd11c722067aac4726e2fdcabce2321ea64d9fbda04ab25dedbcb441faaef2d7bf024fe765591fd0354b2bcaa243a6d741272d4458e433118568944047eeec85d3b0f5b98cbdad0f77371be15af9c1bf928eceb652c581fa638e2131c22d901e6f047a5649ffab5324054389ebeb47ff283e0f0ffe074382e520c632bc440cbeaa68770877516e101709489bcb643b187cb2715e58479074cd32d53077331453fc537d34f87a7ec5e5da686c2f304116394e2bd1e480f5da74a6b725d526b71dc869df8dda3feb44f5463f4c678b6a8be34994ecb0902b3cf269de1adf0da8b8ad340b63a6d0237df7e812b94572adbc196784dfcf33e3e97a17b71a2dad7015fb2d59d4c5838ca551984c7d8ee7bf05ab3edf89029ffd20e373fcb72523bff1e63df721416a068d7b2daa3e17fbba8e831c53e29a94dc483e289cf7406a7b2da28ecc761cf9d847d39b7daa5e34a2a0e4dd19ca5c4a1ab274c7fb9a3057109ec0644579f1af210f8b8133dd87f1abd7c71ac09cfc38699573b35e6d9c5bdaa21f16442b87860e9a7f62ff7c2458160c6a64dc218a258ee06e222e47b3b8e0cf5a5c2d9985f886f32abd129ee056fae9b2e32d0571532eab27fa8f079f9c3e378125f2020064850cfb19c53aa44ad8da6f83a5d827bcb131da9d4dde6e8bd0005ef240c4a02b17051845c35725bd8668c3b27b46355febbf2bf3e5dc5ec650499669cbfe921815396d87b3ede410d492cc73ec7f3a40409eed9358131f1f75e31f24e34af6fc7b6fe2730fd043fd69269d939772e7fef5f2e08b657038a61bc8a8d5688b16029d15aacefe6631a364769d3b9b261bbac584c5ba29b7fbda146fc2ac0f1044f89141a57292b87c7275c6ec6011e5b4b40d1ebc4fc32e7c7ac96aea170225e60c189ed09f8df0a143232bd93c6a9d0fba9783f303b3375b10dde9cd501e68df3734f6278a0389418578834e1912806f07e2fa715bfed4bc707559ee3d4966f51cb652b06b747ae2d79b56759035f01953e76a2dc14c817eb0f97332e68c1d3995dcd84b2329194299944cb2c050991c409fe447ed764a9a3a1182bc30f773b0b415c1898460150c9fec8987c24ba07f87f299d014bd89049b3e9d0c9bf1c6bf159545e52cdfcf9e799b593cb411a3db12396dc9c09ddeddfcb6165a99074e531b7ceddaf344baf2e65225203da537cf09fc073d61d92c13a1c95f93e70050b99850272d0227a89faadfbfae923501b0321984b59229b7dc3c646bf4e381534fcb31783c568deb1a36f95c873df99ccab25446c77d96de6b2c70d5baa5b27786e8027b2f70be117bfdc1b2c6d72a6ab2f9e9a9ce231443d0621448e78393142f90177e7bb52976c668583c64beca45af5ea23a060ec910c6cd89ba7cb9cbbd7627ee56dd2d4d60d994cd63e81f181642b8864afa797aecc22358eea8d059d681a333caa15a8c56918523d465e94668d6ef5f3dcc089bffb13ad76dbf79c44c14f494fda3a55f61c3ed659e20a274297360576fd3230b3e4b7e79ea5b7d78c1def22741a38d17b39c646579d8d5df4cae4eca98d1c0df9371532fe89efc2c375fe433699ee14fcd4cf84495d380663aa10a374dba851536b8159deee491ed2c0e2b920bf7c5627db54562f1ff9c56795245be220391d6b681360fa221efc91faf57d80f15b5e3d881cfa30e1145dbde325c6cc8254938a9eb906d846ec5f76f63443b8f2c50db90b6563900a8f97947c82caec3ce4ee3a5e19fc3324376e4b041b7ed82d9940f7a63f9f962f6d746cb781dbbe16a90649881a77e8ac40677e74d87beadc50df2bc624aa6a707cb50c8ee749db526903f38d706df0201bf503b759d320fa940838ec74c914d0de569ed9ffc6eb2cee026ce22cd50a884bccfadbf503892930c4c4dd7efcb3caaac1695027ed66f3f29c7a1edade721bac0599ff0c400542d31d5dc235ddca7bada9cabcf427e038e5c6a54687b955131c547155036401c7a9a44b3b0437edaa30635b84e37996bcc8594307a6b6bbd8b06daa994cf238925485cd9ace35b3fdfd72788199b6f0570eed2078a4b2f36f511a68566927389ca5ce1c854cb500c2693d7a7917cc8f1215608b7dd2ab22de43a5cc91309a4db2a4c29fdeceaec4a604d13af72a60ea50070626aa6d4cfa418b95edda37a88db5218a1e096436a3551ee712ae137217cd0e941c31e86839e3a9aef8058f5f3196a5006f5a13f3343c0cbf50f9a27c7481e62614a4c51071df6c9a2e0058e534be00c510052e03148c79cc31256359b330c0de91e6130ce741d0472a838463987b9cb80693701825d0af139207f4ff1dc5cb92187170acb8c217f26b1a0544021a8ddce3e31de19b603a5eeca75a7a6234f75d890322a2dca481bc814ba65893cf8e4492094dfe534936a4378e85f680559f4ebce2cccdbea2c0c1e776c4cf50df6b0bc2effcee0f2c76b5c478f9dd02e0eef9399ddf2ba449e03cfd5d33388b0b683c3ce0d301ca1ba4ab", 0x1000}}, 0x1006)
write$nci(r5, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES32=r4, @ANYRES32=r6, @ANYRES8=r1, @ANYRESOCT=r4, @ANYBLOB="13304726d44ea1840b7142ff2905cd20229f4d89d2ae6810e95ed55589b20f2da264d29959f11c48646c0ed27b7aeb625ad45fee7f703d51d1f3e7545f88d9da66a0c530a8468509ee08bbaa933b48f31d8b29a46b1aad8797ac1499cd14d32fc5e026fc0ff4e33d53d9fc37a925b21f0f1e008e1657b9dad2772e0dd3d06a8215852698dea29ac81f4e65c6776c1cb5ab58766ee82c56c5f8feac48de22b1448e47", @ANYRES64=r1, @ANYRES16=r6], 0x14)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

74.278604ms ago: executing program 40 (id=6570):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x1})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = dup(r3)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
ioctl$BLKRAGET(r0, 0x1263, &(0x7f0000000240))
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

0s ago: executing program 41 (id=6572):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
ioctl$TUNSETGROUP(r1, 0x400454ce, 0xee00)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000000)={{0x80, 0xa2}, 'port1\x00', 0x0, 0x849, 0x0, 0x0, 0x0, 0x3})
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'veth1_vlan\x00', 0x1})
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000000)={0xa1b, 0xd})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000140)={"9fc2a0544b38d5004b9277c0794199f857dc9b7ac7708c00000000000000de00", r5, 0xffffffffffffffff, 0x4000})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x2bc67b5dc0ef3785})
read(r0, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r5, 0x8008f511, &(0x7f00000000c0))
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000000400)={{0x0, 0x1}, 0x0, 0xfffffffe})
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0xb, 0x202812, r5, 0x26223000)

kernel console output (not intermixed with test programs):

690.034818][   T36] bridge_slave_1: left promiscuous mode
[  690.040780][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.169493][   T36] bridge_slave_0: left allmulticast mode
[  690.184219][   T36] bridge_slave_0: left promiscuous mode
[  690.192728][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.200945][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  691.207608][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  692.367180][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  692.445818][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  692.508118][   T36] bond0 (unregistering): Released all slaves
[  693.141075][ T1622] bridge0: port 1(bridge_slave_0) entered blocking state
[  693.154396][ T1622] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.184106][ T1622] bridge_slave_0: entered allmulticast mode
[  693.210613][ T1622] bridge_slave_0: entered promiscuous mode
[  693.234473][ T1947] CUSE: info not properly terminated
[  693.240478][ T1622] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.270473][ T1622] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.282499][ T1622] bridge_slave_1: entered allmulticast mode
[  693.303033][ T1622] bridge_slave_1: entered promiscuous mode
[  693.682604][ T1988] FAULT_INJECTION: forcing a failure.
[  693.682604][ T1988] name failslab, interval 1, probability 0, space 0, times 1
[  693.706250][ T1988] CPU: 0 UID: 0 PID: 1988 Comm: syz.4.3972 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  693.706282][ T1988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  693.706296][ T1988] Call Trace:
[  693.706304][ T1988]  <TASK>
[  693.706312][ T1988]  dump_stack_lvl+0x189/0x250
[  693.706350][ T1988]  ? __pfx____ratelimit+0x10/0x10
[  693.706383][ T1988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  693.706407][ T1988]  ? __pfx__printk+0x10/0x10
[  693.706436][ T1988]  ? __pfx___might_resched+0x10/0x10
[  693.706460][ T1988]  ? fs_reclaim_acquire+0x7d/0x100
[  693.706495][ T1988]  should_fail_ex+0x414/0x560
[  693.706526][ T1988]  should_failslab+0xa8/0x100
[  693.706555][ T1988]  __kmalloc_noprof+0xcb/0x4f0
[  693.706577][ T1988]  ? kfree+0x4d/0x440
[  693.706596][ T1988]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  693.706625][ T1988]  tomoyo_realpath_from_path+0xe3/0x5d0
[  693.706651][ T1988]  ? tomoyo_domain+0xd9/0x130
[  693.706679][ T1988]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  693.706710][ T1988]  tomoyo_path_number_perm+0x1e8/0x5a0
[  693.706746][ T1988]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  693.706797][ T1988]  ? __lock_acquire+0xab9/0xd20
[  693.706837][ T1988]  ? __fget_files+0x2a/0x420
[  693.706869][ T1988]  ? __fget_files+0x2a/0x420
[  693.706896][ T1988]  ? __fget_files+0x3a0/0x420
[  693.706921][ T1988]  ? __fget_files+0x2a/0x420
[  693.706956][ T1988]  security_file_ioctl+0xcb/0x2d0
[  693.706989][ T1988]  __se_sys_ioctl+0x47/0x170
[  693.707017][ T1988]  do_syscall_64+0xfa/0x3b0
[  693.707036][ T1988]  ? lockdep_hardirqs_on+0x9c/0x150
[  693.707066][ T1988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.707087][ T1988]  ? clear_bhb_loop+0x60/0xb0
[  693.707112][ T1988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.707131][ T1988] RIP: 0033:0x7f5e89d8e929
[  693.707148][ T1988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.707164][ T1988] RSP: 002b:00007f5e8acc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  693.707186][ T1988] RAX: ffffffffffffffda RBX: 00007f5e89fb5fa0 RCX: 00007f5e89d8e929
[  693.707199][ T1988] RDX: 0000000000000001 RSI: 000000000000ab00 RDI: 0000000000000003
[  693.707208][ T1988] RBP: 00007f5e8acc7090 R08: 0000000000000000 R09: 0000000000000000
[  693.707218][ T1988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.707228][ T1988] R13: 0000000000000000 R14: 00007f5e89fb5fa0 R15: 00007ffe5e678bb8
[  693.707253][ T1988]  </TASK>
[  693.707265][ T1988] ERROR: Out of memory at tomoyo_realpath_from_path.
[  693.953548][ T1991] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  693.979559][ T1991] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  694.177456][ T1622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  694.380002][ T1622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  694.646671][   T36] hsr_slave_0: left promiscuous mode
[  694.722545][   T36] hsr_slave_1: left promiscuous mode
[  694.733876][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  694.751363][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  694.790841][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  694.802056][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  694.978138][   T36] veth1_macvtap: left promiscuous mode
[  694.983774][   T36] veth0_macvtap: left promiscuous mode
[  694.989555][   T36] veth1_vlan: left promiscuous mode
[  695.006613][   T36] veth0_vlan: left promiscuous mode
[  696.083111][   T30] audit: type=1400 audit(1750405740.689:17): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=2086 comm="syz.7.3983"
[  696.522165][ T2096] FAULT_INJECTION: forcing a failure.
[  696.522165][ T2096] name failslab, interval 1, probability 0, space 0, times 0
[  696.535143][ T2096] CPU: 0 UID: 0 PID: 2096 Comm: syz.4.3984 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  696.535179][ T2096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  696.535195][ T2096] Call Trace:
[  696.535211][ T2096]  <TASK>
[  696.535222][ T2096]  dump_stack_lvl+0x189/0x250
[  696.535259][ T2096]  ? __pfx____ratelimit+0x10/0x10
[  696.535302][ T2096]  ? __pfx_dump_stack_lvl+0x10/0x10
[  696.535335][ T2096]  ? __pfx__printk+0x10/0x10
[  696.535369][ T2096]  ? __pfx___might_resched+0x10/0x10
[  696.535399][ T2096]  ? fs_reclaim_acquire+0x7d/0x100
[  696.535443][ T2096]  should_fail_ex+0x414/0x560
[  696.535484][ T2096]  should_failslab+0xa8/0x100
[  696.535523][ T2096]  __kmalloc_noprof+0xcb/0x4f0
[  696.535556][ T2096]  ? tomoyo_encode+0x28b/0x550
[  696.535593][ T2096]  tomoyo_encode+0x28b/0x550
[  696.535632][ T2096]  tomoyo_realpath_from_path+0x58d/0x5d0
[  696.535677][ T2096]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  696.535720][ T2096]  tomoyo_path_number_perm+0x1e8/0x5a0
[  696.535767][ T2096]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  696.535841][ T2096]  ? __lock_acquire+0xab9/0xd20
[  696.535891][ T2096]  ? __fget_files+0x2a/0x420
[  696.535935][ T2096]  ? __fget_files+0x2a/0x420
[  696.535973][ T2096]  ? __fget_files+0x3a0/0x420
[  696.536011][ T2096]  ? __fget_files+0x2a/0x420
[  696.536055][ T2096]  security_file_ioctl+0xcb/0x2d0
[  696.536101][ T2096]  __se_sys_ioctl+0x47/0x170
[  696.536138][ T2096]  do_syscall_64+0xfa/0x3b0
[  696.536161][ T2096]  ? lockdep_hardirqs_on+0x9c/0x150
[  696.536202][ T2096]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.536229][ T2096]  ? clear_bhb_loop+0x60/0xb0
[  696.536263][ T2096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.536289][ T2096] RIP: 0033:0x7f5e89d8e929
[  696.536312][ T2096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  696.536335][ T2096] RSP: 002b:00007f5e8acc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  696.536361][ T2096] RAX: ffffffffffffffda RBX: 00007f5e89fb5fa0 RCX: 00007f5e89d8e929
[  696.536382][ T2096] RDX: 0000000000000001 RSI: 000000000000ab00 RDI: 0000000000000003
[  696.536397][ T2096] RBP: 00007f5e8acc7090 R08: 0000000000000000 R09: 0000000000000000
[  696.536416][ T2096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  696.536432][ T2096] R13: 0000000000000000 R14: 00007f5e89fb5fa0 R15: 00007ffe5e678bb8
[  696.536471][ T2096]  </TASK>
[  696.536589][ T2096] ERROR: Out of memory at tomoyo_realpath_from_path.
[  697.965846][   T36] team0 (unregistering): Port device team_slave_1 removed
[  698.208721][   T36] team0 (unregistering): Port device team_slave_0 removed
[  701.335652][ T1622] team0: Port device team_slave_0 added
[  701.656291][ T1622] team0: Port device team_slave_1 added
[  702.056091][ T1622] batman_adv: batadv0: Adding interface: batadv_slave_0
[  702.094754][ T1622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.164761][ T1622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  702.219315][ T1622] batman_adv: batadv0: Adding interface: batadv_slave_1
[  702.272184][ T1622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.368293][ T1622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  702.873097][ T1622] hsr_slave_0: entered promiscuous mode
[  702.910212][ T1622] hsr_slave_1: entered promiscuous mode
[  703.478371][ T2265] FAULT_INJECTION: forcing a failure.
[  703.478371][ T2265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  703.530418][ T2265] CPU: 1 UID: 0 PID: 2265 Comm: syz.7.3993 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  703.530448][ T2265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  703.530461][ T2265] Call Trace:
[  703.530469][ T2265]  <TASK>
[  703.530478][ T2265]  dump_stack_lvl+0x189/0x250
[  703.530508][ T2265]  ? __pfx____ratelimit+0x10/0x10
[  703.530548][ T2265]  ? __pfx_dump_stack_lvl+0x10/0x10
[  703.530572][ T2265]  ? __pfx__printk+0x10/0x10
[  703.530606][ T2265]  should_fail_ex+0x414/0x560
[  703.530639][ T2265]  _copy_to_user+0x31/0xb0
[  703.530663][ T2265]  simple_read_from_buffer+0xe1/0x170
[  703.530696][ T2265]  proc_fail_nth_read+0x1df/0x250
[  703.530719][ T2265]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  703.530742][ T2265]  ? rw_verify_area+0x258/0x650
[  703.530767][ T2265]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  703.530788][ T2265]  vfs_read+0x1fd/0x980
[  703.530819][ T2265]  ? __pfx___mutex_lock+0x10/0x10
[  703.530841][ T2265]  ? __pfx_vfs_read+0x10/0x10
[  703.530868][ T2265]  ? __fget_files+0x2a/0x420
[  703.530903][ T2265]  ? __fget_files+0x3a0/0x420
[  703.530932][ T2265]  ? __fget_files+0x2a/0x420
[  703.530981][ T2265]  ksys_read+0x145/0x250
[  703.531009][ T2265]  ? __pfx_ksys_read+0x10/0x10
[  703.531041][ T2265]  ? do_syscall_64+0xbe/0x3b0
[  703.531066][ T2265]  do_syscall_64+0xfa/0x3b0
[  703.531083][ T2265]  ? lockdep_hardirqs_on+0x9c/0x150
[  703.531115][ T2265]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.531135][ T2265]  ? clear_bhb_loop+0x60/0xb0
[  703.531160][ T2265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.531179][ T2265] RIP: 0033:0x7f043538d33c
[  703.531197][ T2265] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  703.531215][ T2265] RSP: 002b:00007f0436181030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  703.531237][ T2265] RAX: ffffffffffffffda RBX: 00007f04355b5fa0 RCX: 00007f043538d33c
[  703.531252][ T2265] RDX: 000000000000000f RSI: 00007f04361810a0 RDI: 0000000000000004
[  703.531264][ T2265] RBP: 00007f0436181090 R08: 0000000000000000 R09: 0000000000000000
[  703.531276][ T2265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.531287][ T2265] R13: 0000000000000000 R14: 00007f04355b5fa0 R15: 00007fffa5b93ab8
[  703.531315][ T2265]  </TASK>
[  704.119056][ T2278] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  706.306737][ T1622] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  706.349278][ T1622] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  706.449644][ T1622] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  706.546535][ T1622] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  706.839053][ T1622] 8021q: adding VLAN 0 to HW filter on device bond0
[  706.899218][ T1622] 8021q: adding VLAN 0 to HW filter on device team0
[  706.960842][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.968101][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  706.989448][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.997352][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  707.657709][ T1622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  708.358913][ T2458] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.631848][ T1622] veth0_vlan: entered promiscuous mode
[  708.706647][ T1622] veth1_vlan: entered promiscuous mode
[  708.831017][ T1622] veth0_macvtap: entered promiscuous mode
[  708.868867][ T1622] veth1_macvtap: entered promiscuous mode
[  708.949939][ T1622] batman_adv: batadv0: Interface activated: batadv_slave_0
[  708.994485][ T1622] batman_adv: batadv0: Interface activated: batadv_slave_1
[  709.062209][ T1622] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  709.116727][ T1622] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  709.138062][ T1622] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  709.154914][ T1622] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  709.601811][ T2486] Sensor A: =================  START STATUS  =================
[  709.626002][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  709.644259][ T2486] Sensor A: Test Pattern: 75% Colorbar
[  709.662067][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  709.670074][ T2486] Sensor A: Show Information: All
[  709.683978][ T2486] Sensor A: Vertical Flip: true
[  709.705005][ T2486] Sensor A: Horizontal Flip: true
[  709.724911][ T2486] Sensor A: Brightness: 3
[  709.729786][ T2486] Sensor A: Contrast: 0
[  709.734256][ T2486] Sensor A: Hue: 3
[  709.781415][ T2486] Sensor A: Saturation: 0
[  709.790205][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  709.795459][ T2486] Sensor A: ==================  END STATUS  ==================
[  709.815015][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  710.255955][ T2539] block device autoloading is deprecated and will be removed.
[  711.018295][ T2590] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  711.282508][ T2611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  712.228401][ T5915] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.572220][ T5915] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  713.070068][ T5915] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  713.505939][ T5915] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  713.764022][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  713.773845][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  713.784296][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  713.792419][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  713.801419][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  713.801835][T23010] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  713.810312][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  713.824927][T23010] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  713.833036][T23010] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  713.835139][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  713.850859][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  713.882835][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  713.890600][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  713.901536][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  713.910114][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  714.589628][ T5915] bridge_slave_1: left allmulticast mode
[  714.598050][ T5915] bridge_slave_1: left promiscuous mode
[  714.605592][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.676111][ T5915] bridge_slave_0: left allmulticast mode
[  714.681841][ T5915] bridge_slave_0: left promiscuous mode
[  714.696708][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.917956][ T5850] Bluetooth: hci2: command tx timeout
[  715.996530][ T5850] Bluetooth: hci3: command tx timeout
[  716.800063][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  716.866389][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  716.920102][ T5915] bond0 (unregistering): Released all slaves
[  717.050968][ T2891] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  717.058017][ T2891] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  717.213637][ T2891] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  717.224311][ T2891] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  717.746053][   T30] audit: type=1800 audit(1750405762.359:18): pid=3020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4054" name="[kvm-gmem]" dev="anon_inodefs" ino=133252 res=0 errno=0
[  717.766968][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.812632][ T3020] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.215144][ T5915] hsr_slave_0: left promiscuous mode
[  718.266475][ T5915] hsr_slave_1: left promiscuous mode
[  718.272593][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  718.280212][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[  718.336004][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  718.343963][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[  718.413827][ T5915] veth1_macvtap: left promiscuous mode
[  718.419822][ T5915] veth0_macvtap: left promiscuous mode
[  718.426841][ T5915] veth1_vlan: left promiscuous mode
[  718.432520][ T5915] veth0_vlan: left promiscuous mode
[  721.039527][ T5915] team0 (unregistering): Port device team_slave_1 removed
[  721.245508][ T5915] team0 (unregistering): Port device team_slave_0 removed
[  723.899820][ T2711] chnl_net:caif_netlink_parms(): no params data found
[  724.209542][ T2709] chnl_net:caif_netlink_parms(): no params data found
[  725.075595][ T2711] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.103897][ T2711] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.133097][ T2711] bridge_slave_0: entered allmulticast mode
[  725.142411][ T2711] bridge_slave_0: entered promiscuous mode
[  725.153845][ T2711] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.185808][ T2711] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.193134][ T2711] bridge_slave_1: entered allmulticast mode
[  725.214118][ T2711] bridge_slave_1: entered promiscuous mode
[  725.262582][ T2709] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.275950][ T2709] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.304966][ T2709] bridge_slave_0: entered allmulticast mode
[  725.312965][ T2709] bridge_slave_0: entered promiscuous mode
[  725.515914][ T3435] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  725.612874][ T2709] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.620538][ T2709] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.628228][ T2709] bridge_slave_1: entered allmulticast mode
[  725.638311][ T2709] bridge_slave_1: entered promiscuous mode
[  725.859858][ T2711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.875929][ T2709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  725.888215][ T2711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.902343][ T2709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  726.096095][ T3504] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  726.202825][ T2711] team0: Port device team_slave_0 added
[  726.516790][ T2709] team0: Port device team_slave_0 added
[  726.538127][ T2711] team0: Port device team_slave_1 added
[  726.992043][ T5915] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  727.258585][ T2709] team0: Port device team_slave_1 added
[  727.319242][ T3587] dlm: no locking on control device
[  727.442318][ T3602] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  727.460295][ T3602] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  727.552977][ T5915] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  727.689738][ T2711] batman_adv: batadv0: Adding interface: batadv_slave_0
[  727.703952][ T2711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  727.737309][ T2711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  728.047213][ T5915] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  728.106744][ T2711] batman_adv: batadv0: Adding interface: batadv_slave_1
[  728.113775][ T2711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  728.142848][ T2711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  728.277496][ T5915] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  728.341448][ T2709] batman_adv: batadv0: Adding interface: batadv_slave_0
[  728.348956][ T2709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  728.376576][ T2709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  728.403087][ T2709] batman_adv: batadv0: Adding interface: batadv_slave_1
[  728.416847][ T2709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  728.442937][ T2709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  728.813645][ T3668] sp0: Synchronizing with TNC
[  728.944408][ T2711] hsr_slave_0: entered promiscuous mode
[  728.960910][ T2711] hsr_slave_1: entered promiscuous mode
[  728.974994][ T2711] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  728.989915][ T2711] Cannot create hsr debugfs directory
[  729.292841][ T2709] hsr_slave_0: entered promiscuous mode
[  729.315181][ T2709] hsr_slave_1: entered promiscuous mode
[  729.327039][ T2709] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  729.355119][ T2709] Cannot create hsr debugfs directory
[  729.458401][ T3765] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  730.027420][ T3849] program syz.5.4097 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  730.041630][ T3849] program syz.5.4097 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  730.059591][ T3849] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  730.071052][ T3849] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  730.079956][ T3849] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  730.189425][ T5915] bridge_slave_1: left allmulticast mode
[  730.195669][ T5915] bridge_slave_1: left promiscuous mode
[  730.201627][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[  730.266047][ T5915] bridge_slave_0: left allmulticast mode
[  730.275201][ T5915] bridge_slave_0: left promiscuous mode
[  730.281922][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[  731.863765][ T3900] input: syz0 as /devices/virtual/input/input113
[  732.445813][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  732.535653][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  732.588026][ T5915] bond0 (unregistering): Released all slaves
[  732.701020][ T3923] tap0: tun_chr_ioctl cmd 1074025677
[  732.715193][ T3923] tap0: linktype set to 774
[  732.756821][ T3935] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  732.771111][ T3938] binder: 3933:3938 unknown command 0
[  732.777562][ T3938] binder: 3933:3938 ioctl c0306201 200000000080 returned -22
[  733.328504][   T30] audit: type=1800 audit(1750405777.939:19): pid=3979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4116" name="memory.events" dev="tmpfs" ino=277 res=0 errno=0
[  733.961192][ T4018] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  734.114949][ T5915] hsr_slave_0: left promiscuous mode
[  734.184975][ T5915] hsr_slave_1: left promiscuous mode
[  734.190974][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  734.204767][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[  734.239167][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  734.250190][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[  734.348707][ T5915] veth1_macvtap: left promiscuous mode
[  734.354349][ T5915] veth0_macvtap: left promiscuous mode
[  734.361426][ T5915] veth1_vlan: left promiscuous mode
[  734.371150][ T5915] veth0_vlan: left promiscuous mode
[  734.465194][ T4031] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  737.167727][ T5915] team0 (unregistering): Port device team_slave_1 removed
[  737.387989][ T5915] team0 (unregistering): Port device team_slave_0 removed
[  739.087616][ T4083] input: syz1 as /devices/virtual/input/input114
[  739.230826][ T4089] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  740.480378][ T4102] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  741.005400][ T4131] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  741.248366][ T2711] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  741.303027][ T2711] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  741.364915][ T2711] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  741.419962][ T2711] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  741.549942][ T4172] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  741.622661][ T4171] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  743.293288][ T2711] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.358027][ T2711] 8021q: adding VLAN 0 to HW filter on device team0
[  743.436260][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.443524][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.550145][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.557368][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  743.599123][ T2709] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  743.651468][ T2709] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  743.706988][ T2709] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  743.779517][ T2709] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  744.031810][ T4423] CUSE: DEVNAME unspecified
[  744.174078][ T2709] 8021q: adding VLAN 0 to HW filter on device bond0
[  744.246785][ T2709] 8021q: adding VLAN 0 to HW filter on device team0
[  744.288926][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.296307][ T5915] bridge0: port 1(bridge_slave_0) entered forwarding state
[  744.343162][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.350473][ T5915] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.426591][ T4445] syz.5.4153: attempt to access beyond end of device
[  744.426591][ T4445] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  744.618254][ T2711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.866776][ T4464] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  745.173511][ T4484] random: crng reseeded on system resumption
[  745.186661][ T2709] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.428455][ T2709] veth0_vlan: entered promiscuous mode
[  745.528106][ T2709] veth1_vlan: entered promiscuous mode
[  745.600030][ T2711] veth0_vlan: entered promiscuous mode
[  745.620865][ T2709] veth0_macvtap: entered promiscuous mode
[  745.640790][ T2711] veth1_vlan: entered promiscuous mode
[  745.678466][ T2709] veth1_macvtap: entered promiscuous mode
[  745.758807][ T2711] veth0_macvtap: entered promiscuous mode
[  745.773373][ T2711] veth1_macvtap: entered promiscuous mode
[  745.878803][ T2711] batman_adv: batadv0: Interface activated: batadv_slave_0
[  745.902204][ T2709] batman_adv: batadv0: Interface activated: batadv_slave_0
[  745.924341][ T2711] batman_adv: batadv0: Interface activated: batadv_slave_1
[  745.937144][ T2709] batman_adv: batadv0: Interface activated: batadv_slave_1
[  745.960296][ T2711] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  745.970299][ T2711] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  745.980417][ T2711] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  745.989722][ T2711] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  746.004382][ T2709] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  746.014222][ T2709] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  746.023073][ T2709] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  746.032326][ T2709] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  746.544617][ T1117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  746.573294][ T1117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.229235][ T5915] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.651861][ T5915] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.801285][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  748.811515][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  748.826879][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  748.838918][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  748.850821][T23010] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  748.861675][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  748.873298][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  748.893502][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  748.901177][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  748.909418][T23010] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  748.916955][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  748.924121][T23010] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  748.933397][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  748.941075][T23010] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  748.950420][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  749.178182][ T5915] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.431579][ T5915] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.186810][ T4690] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  750.193381][ T4690] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  750.230023][ T5915] bridge_slave_1: left allmulticast mode
[  750.236422][ T5915] bridge_slave_1: left promiscuous mode
[  750.242397][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.326676][ T5915] bridge_slave_0: left allmulticast mode
[  750.332416][ T5915] bridge_slave_0: left promiscuous mode
[  750.338418][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.347735][ T4690] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  750.356074][ T4690] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  751.080278][ T4837] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  751.613795][ T4848] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  751.621572][ T4847] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  751.629474][ T4848] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  752.640795][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  752.643228][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.647411][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  752.755729][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  752.798701][ T5915] bond0 (unregistering): Released all slaves
[  753.400277][ T4640] chnl_net:caif_netlink_parms(): no params data found
[  753.429535][ T4645] chnl_net:caif_netlink_parms(): no params data found
[  753.676877][ T5050] input: syz0 as /devices/virtual/input/input116
[  754.824944][ T5915] hsr_slave_0: left promiscuous mode
[  754.858651][ T5915] hsr_slave_1: left promiscuous mode
[  754.872433][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  754.891908][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[  754.936337][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  754.943881][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[  755.034557][ T5915] veth1_macvtap: left promiscuous mode
[  755.054838][ T5915] veth0_macvtap: left promiscuous mode
[  755.061735][ T5915] veth1_vlan: left promiscuous mode
[  755.074905][ T5915] veth0_vlan: left promiscuous mode
[  755.215008][ T5120] kvm: kvm [5118]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  757.283608][ T5164] input: syz1 as /devices/virtual/input/input117
[  757.826939][ T5915] team0 (unregistering): Port device team_slave_1 removed
[  758.086138][ T5915] team0 (unregistering): Port device team_slave_0 removed
[  761.038487][ T4640] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.045992][ T4640] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.053404][ T4640] bridge_slave_0: entered allmulticast mode
[  761.062011][ T4640] bridge_slave_0: entered promiscuous mode
[  761.103641][ T4640] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.116927][ T4640] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.124310][ T4640] bridge_slave_1: entered allmulticast mode
[  761.134253][ T4640] bridge_slave_1: entered promiscuous mode
[  761.467938][ T4645] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.477705][ T4645] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.490743][ T4645] bridge_slave_0: entered allmulticast mode
[  761.501476][ T4645] bridge_slave_0: entered promiscuous mode
[  761.645028][ T4645] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.652301][ T4645] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.662386][ T4645] bridge_slave_1: entered allmulticast mode
[  761.671074][ T4645] bridge_slave_1: entered promiscuous mode
[  761.837885][ T4640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  761.861170][ T4640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.437791][ T4645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  762.483758][ T4640] team0: Port device team_slave_0 added
[  762.509386][ T4640] team0: Port device team_slave_1 added
[  762.545693][ T4645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.844926][ T4640] batman_adv: batadv0: Adding interface: batadv_slave_0
[  762.851958][ T4640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  762.878032][    C1] vkms_vblank_simulate: vblank timer overrun
[  762.974821][ T4640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  763.277069][ T4640] batman_adv: batadv0: Adding interface: batadv_slave_1
[  763.301403][ T4640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.372241][ T4640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  763.773556][ T4645] team0: Port device team_slave_0 added
[  764.215324][ T4640] hsr_slave_0: entered promiscuous mode
[  764.222351][ T4640] hsr_slave_1: entered promiscuous mode
[  764.232933][ T4640] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  764.240996][ T4640] Cannot create hsr debugfs directory
[  764.254214][ T4645] team0: Port device team_slave_1 added
[  764.987761][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_0
[  765.004706][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  765.064784][ T4645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  765.219776][ T5915] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.432037][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_1
[  765.454694][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  765.528076][ T4645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  765.738423][ T5915] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.218282][ T5915] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.448186][ T4645] hsr_slave_0: entered promiscuous mode
[  766.463272][ T4645] hsr_slave_1: entered promiscuous mode
[  766.480432][ T4645] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  766.518795][ T4645] Cannot create hsr debugfs directory
[  766.698022][ T5915] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.357718][ T5915] bridge_slave_1: left allmulticast mode
[  768.363449][ T5915] bridge_slave_1: left promiscuous mode
[  768.388067][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.496010][ T5915] bridge_slave_0: left allmulticast mode
[  768.501751][ T5915] bridge_slave_0: left promiscuous mode
[  768.528711][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[  770.094497][ T5878] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  770.742349][ T5887] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  770.966507][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  771.135694][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  771.247824][ T5915] bond0 (unregistering): Released all slaves
[  771.806005][ T5916] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  771.957010][ T5915] hsr_slave_0: left promiscuous mode
[  772.010356][ T5915] hsr_slave_1: left promiscuous mode
[  772.020629][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  772.044770][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.086217][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  772.093808][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.218226][ T5915] veth1_macvtap: left promiscuous mode
[  772.223953][ T5915] veth0_macvtap: left promiscuous mode
[  772.248050][ T5915] veth1_vlan: left promiscuous mode
[  772.253837][ T5915] veth0_vlan: left promiscuous mode
[  775.619760][ T5915] team0 (unregistering): Port device team_slave_1 removed
[  775.790018][ T5975] input: syz1 as /devices/virtual/input/input118
[  775.808443][ T5975] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  775.865430][ T5915] team0 (unregistering): Port device team_slave_0 removed
[  778.606484][ T4640] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  778.646501][ T4640] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  778.772336][   T30] audit: type=1800 audit(1750405823.379:20): pid=6007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4267" name="dmabuf" dev="dmabuf" ino=26 res=0 errno=0
[  778.800567][ T4640] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  778.987106][ T4640] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  779.558189][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0
[  779.621356][ T4640] 8021q: adding VLAN 0 to HW filter on device team0
[  779.678388][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  779.685633][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  779.794223][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state
[  779.801460][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  779.872710][ T4645] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  779.921732][ T4645] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  779.992045][ T4645] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  780.044325][ T4640] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  780.066219][ T4640] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  780.079912][ T4645] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  780.458406][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0
[  780.522870][ T4640] 8021q: adding VLAN 0 to HW filter on device batadv0
[  780.553320][ T4645] 8021q: adding VLAN 0 to HW filter on device team0
[  780.591018][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state
[  780.598304][ T5915] bridge0: port 1(bridge_slave_0) entered forwarding state
[  780.624289][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[  780.631532][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[  780.827720][ T4640] veth0_vlan: entered promiscuous mode
[  780.903694][ T4640] veth1_vlan: entered promiscuous mode
[  781.049979][ T4640] veth0_macvtap: entered promiscuous mode
[  781.099522][ T4640] veth1_macvtap: entered promiscuous mode
[  781.181214][ T4640] batman_adv: batadv0: Interface activated: batadv_slave_0
[  781.221926][ T4640] batman_adv: batadv0: Interface activated: batadv_slave_1
[  781.269959][ T4640] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  781.295083][ T4640] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  781.317886][ T4640] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  781.365624][ T4640] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  781.603412][ T4645] 8021q: adding VLAN 0 to HW filter on device batadv0
[  781.808485][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  781.855167][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  781.980557][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  782.018633][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  782.662893][ T6175] Scaler: =================  START STATUS  =================
[  782.676230][ T6175] Scaler: ==================  END STATUS  ==================
[  783.045545][ T4645] veth0_vlan: entered promiscuous mode
[  783.072960][ T4645] veth1_vlan: entered promiscuous mode
[  783.199599][ T4645] veth0_macvtap: entered promiscuous mode
[  783.238096][ T4645] veth1_macvtap: entered promiscuous mode
[  783.289909][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  783.329447][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  783.360651][ T4645] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  783.392846][ T4645] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  783.405235][ T4645] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  783.414312][ T4645] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.642164][ T6205] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  783.796826][ T6184] [U] ^C
[  783.857349][ T5915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.885121][ T5915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  783.903632][ T6234] loop6: detected capacity change from 0 to 524287999
[  783.958656][ T5915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.967114][ T5915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  784.556343][ T6276] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  784.629771][ T6278] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  785.533223][ T6346] [U] 
[  785.685281][ T6351] CUSE: info not properly terminated
[  786.537876][ T6383] binder: 6382:6383 ioctl c0306201 200000000640 returned -22
[  786.566412][ T6383] blktrace: Concurrent blktraces are not allowed on sg0
[  786.608040][ T6383] relay: one or more items not logged [item size (56) > sub-buffer size (6)]
[  787.573897][ T6445] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  787.582379][ T6446] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  787.879031][ T6472] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  788.107861][ T6487] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  788.981718][ T6533] loop6: detected capacity change from 0 to 4
[  788.997403][ T6536] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  789.169260][ T6548] tun0: tun_chr_ioctl cmd 1074025675
[  789.174895][ T6548] tun0: persist enabled
[  789.179417][ T6548] tun0: tun_chr_ioctl cmd 1074025675
[  789.185869][ T6548] tun0: persist enabled
[  789.644889][ T6572] CUSE: zero length info key specified
[  789.772585][ T6580] ALSA: seq fatal error: cannot create timer (-22)
[  789.893495][ T6589] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  792.555941][   T62] Bluetooth: Error in BCSP hdr checksum
[  792.826791][ T5915] Bluetooth: Error in BCSP hdr checksum
[  793.711059][ T6735] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  793.803780][ T6738] binder: 6737:6738 ioctl c018620b 9999999999999999 returned -14
[  793.840691][ T6738] sp0: Synchronizing with TNC
[  793.976539][ T6748] sp0: Synchronizing with TNC
[  794.317155][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  794.324272][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  794.446467][ T6778] ubi: mtd0 is already attached to ubi31
[  794.744856][ T6790] input: syz1 as /devices/virtual/input/input122
[  794.819550][ T6800] random: crng reseeded on system resumption
[  794.875717][ T6802] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  795.092710][ T6812] kvm: kvm [6811]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  795.305026][ T6824] input: syz1 as /devices/virtual/input/input123
[  795.327167][ T6826] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  795.513248][ T6840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  795.582784][ T6840] binder: 6839:6840 ioctl c0306201 200000000640 returned -22
[  796.490733][ T6899] input: syz1 as /devices/virtual/input/input124
[  798.389290][ T6995] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  798.414588][ T6995] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  798.986178][ T7044] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  800.530222][ T7137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  802.557804][ T7248] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  802.914024][ T7266] binder: 7264:7266 ioctl c0306201 2000000002c0 returned -14
[  803.584994][ T7300] kernel profiling enabled (shift: 63)
[  803.614869][ T7300] profiling shift: 63 too large
[  803.942624][ T7323] Failed to get privilege flags for destination (handle=0x2:0x10)
[  805.052446][ T7376] serio: Serial port ttynull
[  806.502755][ T7431] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  807.271917][ T7482] binder: binder_mmap: 7481 200000001000-20000000b000 bad vm_flags failed -1
[  807.635658][ T7506] vim2m vim2m.0: Fourcc format (0x31384142) invalid.
[  809.192503][ T7554] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  811.157611][ T7644] kernel profiling enabled (shift: 6)
[  811.296539][ T7647] ALSA: mixer_oss: invalid OSS volume ''
[  812.095562][ T7668] ubi: mtd0 is already attached to ubi31
[  813.008978][ T7694] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.085220][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  814.092116][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  814.559245][ T7754] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.592574][ T7754] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  815.058537][ T7775] Invalid logical block size (2)
[  815.801206][ T7798] input: syz1 as /devices/virtual/input/input128
[  816.241898][ T7819] Failed to get privilege flags for destination (handle=0x0:0x0)
[  816.320486][ T7820] Failed to get privilege flags for destination (handle=0x2:0x10)
[  818.116058][ T7895] AppArmor: change_hat: Invalid input ''
[  818.453970][ T7908] input: syz0 as /devices/virtual/input/input129
[  819.886330][ T7959] CUSE: info not properly terminated
[  820.993135][ T8009] binder: 8008:8009 ioctl c0306201 200000000540 returned -14
[  821.516042][ T8024] binder: 8021:8024 ioctl c0306201 0 returned -14
[  822.376790][ T8061] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  823.089428][ T8090] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  823.176089][ T8101] binder: 8098:8101 ioctl 40046205 0 returned -22
[  823.643497][ T8125] binder: 8098:8125 ioctl c0306201 0 returned -14
[  823.678084][ T8111] binder: 8098:8111 ioctl c0306201 0 returned -14
[  823.981778][ T8101] binder: 8098:8101 ioctl c0306201 200000001a80 returned -14
[  824.284244][ T8150] binder: 8148:8150 ioctl c018620c 200000001180 returned -22
[  827.315639][ T8238] sp0: Synchronizing with TNC
[  827.700540][ T8233] [U] �
[  827.794715][ T8257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  832.992160][ T8501] CUSE: DEVNAME unspecified
[  833.166175][ T8506] binder: 8504:8506 ioctl 4018620d 0 returned -22
[  833.187566][ T8506] usb usb8: usbfs: process 8506 (syz.0.4690) did not claim interface 0 before use
[  833.771175][ T8526] input: syz1 as /devices/virtual/input/input131
[  838.630687][ T8667] binder: 8663:8667 ioctl c0306201 200000000540 returned -14
[  839.205771][ T8684] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  839.273828][ T8685] CUSE: info not properly terminated
[  841.773146][ T8752] CUSE: DEVNAME unspecified
[  841.997948][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  841.998010][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  843.688413][ T1216] hid-generic C98F:0003:0000.000B: item fetching failed at offset 0/2
[  843.712577][ T1216] hid-generic C98F:0003:0000.000B: probe with driver hid-generic failed with error -22
[  843.879776][ T8840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  843.950812][ T8843] input: syz0 as /devices/virtual/input/input134
[  844.190655][ T8851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  844.453403][ T8871] input: syz1 as /devices/virtual/input/input135
[  845.075936][ T8897] ALSA: mixer_oss: invalid OSS volume ''
[  845.379494][ T8903] binder: 8902:8903 ioctl c018620c 200000001180 returned -22
[  845.605444][ T8911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  845.861266][ T8921] sp0: Synchronizing with TNC
[  847.923991][ T8992] random: crng reseeded on system resumption
[  848.046285][ T8996] input: syz1 as /devices/virtual/input/input137
[  849.764987][ T9091] input: syz1 as /devices/virtual/input/input138
[  849.916346][ T9091] Bluetooth: hci4: Frame reassembly failed (-84)
[  849.943747][ T4932] Bluetooth: hci4: Frame reassembly failed (-84)
[  851.915192][T23010] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  852.133703][ T9191] input: syz1 as /devices/virtual/input/input139
[  852.172773][ T9191] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  855.448043][ T9308] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  855.982020][ T9348] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  856.882767][ T9374] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  857.639937][ T9404] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  859.219674][ T9462] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  859.911266][ T9496] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  860.019031][ T9505] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  860.039315][ T9508] binder: 9507:9508 ioctl c0306201 2000000003c0 returned -14
[  860.288667][ T9513] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  860.627555][ T9526] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  864.158662][ T9677] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  865.571973][ T9734] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  865.848856][ T9751] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  866.658578][ T9864] autofs4:pid:9864:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[  866.699121][ T9864] autofs4:pid:9864:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[  866.889199][ T9887] can0: slcan on ptm1.
[  867.404984][ T9885] can0 (unregistered): slcan off ptm1.
[  868.010557][ T9958] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  870.198454][T10036] QAT: Device 253 not found
[  870.217157][T10036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  870.818953][T10068] syz.8.4976: attempt to access beyond end of device
[  870.818953][T10068] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  871.348414][T10093] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  873.514749][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  873.515796][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  873.779344][T10170] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  874.127778][T10199] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  874.281258][T10211] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  875.528839][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  875.535469][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  875.806690][T10388] input: syz0 as /devices/virtual/input/input148
[  875.948201][T10395] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  877.190957][T10451] loop6: detected capacity change from 0 to 524287999
[  877.207046][T10451] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  877.239558][T10451] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  877.264424][T10451] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  877.277418][T10451] buffer_io_error: 11 callbacks suppressed
[  877.277439][T10451] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  879.529704][T10499] input: syz1 as /devices/virtual/input/input149
[  880.537600][ T1098] Bluetooth: (null): Invalid header checksum
[  880.568761][ T1098] Bluetooth: (null): Invalid header checksum
[  880.653369][ T1098] Bluetooth: (null): Invalid header checksum
[  880.756086][ T1098] Bluetooth: (null): Invalid header checksum
[  880.868426][ T1098] Bluetooth: (null): Invalid header checksum
[  880.977485][ T5915] Bluetooth: (null): Invalid header checksum
[  881.088715][ T1098] Bluetooth: (null): Invalid header checksum
[  881.397865][T10581] vivid-000: disconnect
[  882.210612][T10580] vivid-000: reconnect
[  883.153248][T10639] ALSA: seq fatal error: cannot create timer (-22)
[  883.229430][T10639] syz.5.5054: attempt to access beyond end of device
[  883.229430][T10639] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  884.922182][T10724] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  885.452402][T10759] random: crng reseeded on system resumption
[  885.529154][T10758] Restarting kernel threads ...
[  885.544168][T10758] Done restarting kernel threads.
[  885.646034][T10752] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  886.224490][T10791] input: syz0 as /devices/virtual/input/input150
[  886.976581][T10826] input: syz1 as /devices/virtual/input/input152
[  886.989153][T10826] input: failed to attach handler leds to device input152, error: -6
[  888.317121][T10860] tap0: tun_chr_ioctl cmd 1074025678
[  888.325017][T10860] tap0: group set to 0
[  889.480003][T10917] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  889.605121][T10923] program syz.5.5095 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  890.852903][T10950] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  891.257145][T10954] syz.0.5100: attempt to access beyond end of device
[  891.257145][T10954] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  891.363832][T10959] ALSA: seq fatal error: cannot create timer (-16)
[  891.968695][T10998] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  892.634086][T11019] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  892.944724][T11038] vivid-000: =================  START STATUS  =================
[  892.952479][T11038] vivid-000: Generate PTS: true
[  892.957890][T11038] vivid-000: Generate SCR: true
[  892.962819][T11038] tpg source WxH: 1280x720 (R'G'B)
[  892.968531][T11038] tpg field: 1
[  892.971949][T11038] tpg crop: (0,0)/1280x720
[  892.976822][T11038] tpg compose: (0,0)/16x16
[  892.981365][T11038] tpg colorspace: 9
[  892.986066][T11038] tpg transfer function: 7/7
[  892.990740][T11038] tpg quantization: 2/1
[  892.995439][T11038] tpg RGB range: 2/1
[  892.999379][T11038] vivid-000: ==================  END STATUS  ==================
[  893.520673][T11060] loop6: detected capacity change from 0 to 524287487
[  893.530548][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.539525][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.547959][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.559387][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.569062][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.614847][T11062] loop6: detected capacity change from 524287487 to 0
[  893.619164][ T4224] Buffer I/O error on dev loop6, logical block 0, async page read
[  893.632580][ T4224] ldm_validate_partition_table(): Disk read failed.
[  893.646011][ T4224] Dev loop6: unable to read RDB block 0
[  893.659316][ T4224]  loop6: unable to read partition table
[  893.676862][ T4224] loop6: partition table beyond EOD, truncated
[  894.047340][T11076] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[  894.390064][T11087] ubi: mtd0 is already attached to ubi31
[  894.480641][T11087] syz.5.5129: attempt to access beyond end of device
[  894.480641][T11087] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  895.189627][T11112] binder: 11110:11112 ioctl c0306201 200000000100 returned -22
[  895.371641][T11116] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  897.047361][ T1216] hid-generic 009C:0008:0003.000C: unknown main item tag 0x7
[  897.070067][ T1216] hid-generic 009C:0008:0003.000C: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  897.513440][T11210] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  899.138350][T11287] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  900.173140][T11327] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  900.975669][T11376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  901.378522][T11393] syz.8.5190: attempt to access beyond end of device
[  901.378522][T11393] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  903.776204][T11483] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  904.395947][T11499] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  904.867068][T11515] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  905.499764][T11541] input: syz1 as /devices/virtual/input/input155
[  906.634809][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  906.634820][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  907.009846][T11582] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  907.148073][T11582] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  907.807429][T11608] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  908.122146][T11623] input: syz0 as /devices/virtual/input/input156
[  908.351425][T11642] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  908.883233][T11669] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  908.916514][T11670] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  910.275449][T11718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  910.519731][T11729] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  912.289460][T11789] sp0: Synchronizing with TNC
[  912.323189][T11788] [U] �
[  912.386256][T11796] Sensor A: =================  START STATUS  =================
[  912.398873][T11796] Sensor A: Test Pattern: Horizontal 100% Colorbar
[  912.416359][T11796] Sensor A: Show Information: All
[  912.421487][T11796] Sensor A: Vertical Flip: true
[  912.428835][T11796] Sensor A: Horizontal Flip: true
[  912.433996][T11796] Sensor A: Brightness: 3
[  912.438537][T11796] Sensor A: Contrast: 0
[  912.442751][T11796] Sensor A: Hue: 3
[  912.457103][T11796] Sensor A: Saturation: 0
[  912.471750][T11796] Sensor A: ==================  END STATUS  ==================
[  914.983619][T11991] input: syz1 as /devices/virtual/input/input160
[  915.474888][T12020] sp0: Synchronizing with TNC
[  919.374395][T12151] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  920.001744][T12182] input: syz1 as /devices/virtual/input/input161
[  921.616854][T12271] vivid-000: disconnect
[  921.725021][T12270] vivid-000: reconnect
[  924.351104][   T30] audit: type=1400 audit(1750405968.959:21): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=12372 comm="syz.8.5358"
[  924.382426][    C0] vkms_vblank_simulate: vblank timer overrun
[  924.746115][T12385] loop8: detected capacity change from 0 to 7
[  924.761036][T12385] Dev loop8: unable to read RDB block 7
[  924.773420][T12385]  loop8: unable to read partition table
[  924.789310][T12385] loop8: partition table beyond EOD, truncated
[  924.808464][T12385] loop_reread_partitions: partition scan of loop8 (�被x) failed (rc=-5)
[  925.479895][T12417] vim2m vim2m.0: Fourcc format (0x56595559) invalid.
[  926.045382][T12442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  926.622012][   T62] Bluetooth: hci4: Frame reassembly failed (-84)
[  928.636309][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  928.643204][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  928.817365][T12532] syz.0.5390: attempt to access beyond end of device
[  928.817365][T12532] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  928.991988][T12529] mkiss: ax0: crc mode is auto.
[  929.248144][T12559] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  929.485021][T12551] [U] �
[  931.080251][T12624] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  931.102295][T12624] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  931.702891][T12662] binder: 12661:12662 ioctl f501 0 returned -22
[  933.542265][T12751] random: crng reseeded on system resumption
[  933.670767][T12751] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  933.816076][T12763] sp0: Synchronizing with TNC
[  934.126482][T12782] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  934.486152][T12806] binder: 12805:12806 ioctl c0306201 2000000002c0 returned -14
[  934.610675][T12814] ALSA: mixer_oss: invalid OSS volume '('
[  936.660723][T12901] loop8: detected capacity change from 0 to 7
[  936.700707][T12901] Dev loop8: unable to read RDB block 7
[  936.706760][T12901]  loop8: unable to read partition table
[  936.717674][T12901] loop8: partition table beyond EOD, truncated
[  936.735372][T12901] loop_reread_partitions: partition scan of loop8 (�被x) failed (rc=-5)
[  936.966758][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  936.973376][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  937.229239][T12910] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  937.254408][T12929] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  939.557323][T13027] binder: 13026:13027 ioctl 40046205 0 returned -22
[  939.875197][T13045] syz.0.5481: attempt to access beyond end of device
[  939.875197][T13045] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  940.734320][T13083] vivid-001: disconnect
[  941.338634][T13110] binder: BC_ATTEMPT_ACQUIRE not supported
[  941.344856][T13110] binder: 13109:13110 ioctl c0306201 200000000100 returned -22
[  941.360973][T13110] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  941.403852][T13081] vivid-001: reconnect
[  941.810762][T13122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  941.945483][T13132] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  942.131729][T13144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  942.162546][T13146] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  942.773164][T13179] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  944.807768][T13265] input: syz1 as /devices/virtual/input/input163
[  945.435448][T13283] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  945.707124][T13300] binder: 13294:13300 ioctl c0306201 200000000540 returned -22
[  946.189619][T13317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  946.211927][T13317] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  946.961030][T13357] syz.7.5532: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  947.005358][T13357] CPU: 0 UID: 0 PID: 13357 Comm: syz.7.5532 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  947.005388][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  947.005402][T13357] Call Trace:
[  947.005410][T13357]  <TASK>
[  947.005419][T13357]  dump_stack_lvl+0x189/0x250
[  947.005453][T13357]  ? __pfx_dump_stack_lvl+0x10/0x10
[  947.005477][T13357]  ? __pfx__printk+0x10/0x10
[  947.005500][T13357]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  947.005528][T13357]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  947.005557][T13357]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  947.005588][T13357]  warn_alloc+0x214/0x310
[  947.005624][T13357]  ? __pfx_warn_alloc+0x10/0x10
[  947.005662][T13357]  ? __get_vm_area_node+0x28f/0x300
[  947.005689][T13357]  ? kvm_set_memslot+0x4e2/0x1310
[  947.005714][T13357]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  947.005768][T13357]  ? kvm_set_memslot+0x3e/0x1310
[  947.005792][T13357]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  947.005832][T13357]  ? kvm_set_memslot+0x4e2/0x1310
[  947.005850][T13357]  __vmalloc_noprof+0xb1/0xf0
[  947.005876][T13357]  ? kvm_set_memslot+0x4e2/0x1310
[  947.005900][T13357]  kvm_set_memslot+0x4e2/0x1310
[  947.005925][T13357]  ? kvm_set_memory_region+0x775/0xc00
[  947.005954][T13357]  kvm_set_memory_region+0x9bb/0xc00
[  947.005991][T13357]  kvm_vm_ioctl_set_memory_region+0x6f/0xa0
[  947.006017][T13357]  kvm_vm_ioctl+0x957/0xc60
[  947.006042][T13357]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  947.006068][T13357]  ? do_vfs_ioctl+0x12ba/0x1990
[  947.006096][T13357]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  947.006142][T13357]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  947.006176][T13357]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  947.006208][T13357]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  947.006244][T13357]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  947.006277][T13357]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  947.006317][T13357]  ? kvm_vcpu_ioctl+0xb82/0xe90
[  947.006349][T13357]  ? __lock_acquire+0xab9/0xd20
[  947.006392][T13357]  ? __fget_files+0x2a/0x420
[  947.006427][T13357]  ? __fget_files+0x2a/0x420
[  947.006455][T13357]  ? __fget_files+0x3a0/0x420
[  947.006483][T13357]  ? __fget_files+0x2a/0x420
[  947.006517][T13357]  ? bpf_lsm_file_ioctl+0x9/0x20
[  947.006538][T13357]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  947.006560][T13357]  __se_sys_ioctl+0xfc/0x170
[  947.006587][T13357]  do_syscall_64+0xfa/0x3b0
[  947.006606][T13357]  ? lockdep_hardirqs_on+0x9c/0x150
[  947.006637][T13357]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.006657][T13357]  ? clear_bhb_loop+0x60/0xb0
[  947.006681][T13357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.006701][T13357] RIP: 0033:0x7f043538e929
[  947.006719][T13357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  947.006736][T13357] RSP: 002b:00007f0436181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  947.006758][T13357] RAX: ffffffffffffffda RBX: 00007f04355b5fa0 RCX: 00007f043538e929
[  947.006773][T13357] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 0000000000000010
[  947.006786][T13357] RBP: 00007f0435410b39 R08: 0000000000000000 R09: 0000000000000000
[  947.006799][T13357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  947.006811][T13357] R13: 0000000000000000 R14: 00007f04355b5fa0 R15: 00007fffa5b93ab8
[  947.006843][T13357]  </TASK>
[  947.006862][T13357] Mem-Info:
[  947.434821][T13357] active_anon:11385 inactive_anon:0 isolated_anon:0
[  947.434821][T13357]  active_file:1596 inactive_file:44354 isolated_file:0
[  947.434821][T13357]  unevictable:768 dirty:56 writeback:0
[  947.434821][T13357]  slab_reclaimable:11908 slab_unreclaimable:98519
[  947.434821][T13357]  mapped:24345 shmem:4224 pagetables:1731
[  947.434821][T13357]  sec_pagetables:0 bounce:0
[  947.434821][T13357]  kernel_misc_reclaimable:0
[  947.434821][T13357]  free:1318198 free_pcp:24761 free_cma:0
[  947.480097][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.744714][T13357] Node 0 active_anon:47540kB inactive_anon:0kB active_file:9384kB inactive_file:177212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100380kB dirty:224kB writeback:0kB shmem:15360kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12892kB pagetables:6992kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  947.778173][    C1] vkms_vblank_simulate: vblank timer overrun
[  947.907859][T13357] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  948.017982][T13357] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  948.100365][T13357] lowmem_reserve[]: 0 2497 2498 2498 2498
[  948.115648][T13357] Node 0 DMA32 free:1346848kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:55588kB inactive_anon:0kB active_file:12184kB inactive_file:175888kB unevictable:1536kB writepending:224kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:72504kB local_pcp:28268kB free_cma:0kB
[  948.234677][T13357] lowmem_reserve[]: 0 0 1 1 1
[  948.244771][T13357] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB
[  948.288907][T13392] input: syz1 as /devices/virtual/input/input165
[  948.313047][T13357] lowmem_reserve[]: 0 0 0 0 0
[  948.330422][T13357] Node 1 Normal free:3908860kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10880kB local_pcp:10592kB free_cma:0kB
[  948.374485][T13357] lowmem_reserve[]: 0 0 0 0 0
[  948.380979][T13357] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  948.398923][T13357] Node 0 DMA32: 452*4kB (UM) 380*8kB (UME) 275*16kB (UME) 305*32kB (ME) 158*64kB (ME) 50*128kB (UME) 5*256kB (ME) 4*512kB (ME) 3*1024kB (UME) 3*2048kB (UME) 317*4096kB (UM) = 1346496kB
[  948.438191][T13357] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  948.450602][T13357] Node 1 Normal: 209*4kB (UME) 47*8kB (UME) 48*16kB (UME) 242*32kB (UME) 84*64kB (UME) 10*128kB (UME) 5*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 2*2048kB (UE) 948*4096kB (M) = 3908860kB
[  948.472795][T13357] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  948.512872][T13357] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  948.559527][T13357] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  948.574108][T13357] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  948.584000][T13357] 50076 total pagecache pages
[  948.589045][T13357] 0 pages in swap cache
[  948.593236][T13357] Free swap  = 124996kB
[  948.597923][T13357] Total swap = 124996kB
[  948.635164][T13357] 2097051 pages RAM
[  948.639053][T13357] 0 pages HighMem/MovableOnly
[  948.643796][T13357] 425688 pages reserved
[  948.674680][T13357] 0 pages cma reserved
[  949.084138][T13421] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  949.101114][ T2972] Bluetooth: hci4: Frame reassembly failed (-84)
[  950.143194][T13476] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  950.552174][T13489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  951.115222][T23010] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  951.742512][T13539] syz.8.5562: attempt to access beyond end of device
[  951.742512][T13539] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  952.035044][T13550] input: syz0 as /devices/virtual/input/input166
[  952.041581][T13550] input: failed to attach handler leds to device input166, error: -6
[  953.998498][T13604] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  954.178915][T13617] blktrace: Concurrent blktraces are not allowed on rnullb0
[  954.246742][T13619] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  954.900353][T13633] program syz.5.5577 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  957.170560][T13823] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  957.230636][T13826] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  957.265729][T13826] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  957.349429][T13818] loop6: detected capacity change from 0 to 524287999
[  957.928899][T13835] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  960.423815][T13934] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  961.938232][T13977] usb usb9: usbfs: process 13977 (syz.5.5608) did not claim interface 0 before use
[  963.211465][T14015] syz.8.5611: attempt to access beyond end of device
[  963.211465][T14015] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  964.692077][T14072] loop6: detected capacity change from 0 to 4
[  965.300553][T14103] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  966.041870][T14145] sp0: Synchronizing with TNC
[  967.332289][T14181] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  968.069767][T23010] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  968.080496][T23010] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  968.088233][T14209] usb usb8: usbfs: process 14209 (syz.0.5644) did not claim interface 0 before use
[  968.105457][T23010] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  968.131773][T23010] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  968.156887][T23010] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  968.176347][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  968.196386][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  968.206378][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  968.216115][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  968.228984][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  968.770157][T14256] random: crng reseeded on system resumption
[  969.262285][   T59] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  969.401425][T14269] program syz.5.5651 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  969.650391][   T59] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  969.991937][   T59] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  970.258707][   T59] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  970.316258][T23010] Bluetooth: hci1: command tx timeout
[  970.994011][T14203] chnl_net:caif_netlink_parms(): no params data found
[  971.160277][T14322] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  971.196456][T14322] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  971.281613][   T59] bridge_slave_1: left allmulticast mode
[  971.292577][   T59] bridge_slave_1: left promiscuous mode
[  971.314518][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.435926][   T59] bridge_slave_0: left allmulticast mode
[  971.441672][   T59] bridge_slave_0: left promiscuous mode
[  971.464837][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  974.156981][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  974.245937][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  974.287601][   T59] bond0 (unregistering): Released all slaves
[  975.077237][T14203] bridge0: port 1(bridge_slave_0) entered blocking state
[  975.088098][T14203] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.102340][T14203] bridge_slave_0: entered allmulticast mode
[  975.111037][T14203] bridge_slave_0: entered promiscuous mode
[  975.125921][T14203] bridge0: port 2(bridge_slave_1) entered blocking state
[  975.149966][T14203] bridge0: port 2(bridge_slave_1) entered disabled state
[  975.169452][T14203] bridge_slave_1: entered allmulticast mode
[  975.190507][T14203] bridge_slave_1: entered promiscuous mode
[  975.486387][T14203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  975.710653][T14645] binder: 14636:14645 ioctl c0306201 200000000540 returned -14
[  975.798647][T14203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  976.219851][T14203] team0: Port device team_slave_0 added
[  976.238448][T14203] team0: Port device team_slave_1 added
[  976.545536][   T59] hsr_slave_0: left promiscuous mode
[  976.595249][   T59] hsr_slave_1: left promiscuous mode
[  976.611996][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  976.645791][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  976.786237][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  976.793737][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  976.904505][   T59] veth1_macvtap: left promiscuous mode
[  976.924143][   T59] veth0_macvtap: left promiscuous mode
[  976.933974][   T59] veth1_vlan: left promiscuous mode
[  976.943025][   T59] veth0_vlan: left promiscuous mode
[  978.042708][T14735] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  979.829709][   T59] team0 (unregistering): Port device team_slave_1 removed
[  980.086763][   T59] team0 (unregistering): Port device team_slave_0 removed
[  982.994145][T14203] batman_adv: batadv0: Adding interface: batadv_slave_0
[  983.032953][T14203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.101518][T14203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  983.125556][T14203] batman_adv: batadv0: Adding interface: batadv_slave_1
[  983.132578][T14203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  983.158541][    C1] vkms_vblank_simulate: vblank timer overrun
[  983.168456][T14203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  983.507776][T14203] hsr_slave_0: entered promiscuous mode
[  983.540641][T14203] hsr_slave_1: entered promiscuous mode
[  983.586380][T14203] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  983.621000][T14203] Cannot create hsr debugfs directory
[  983.771610][T14868] loop2: detected capacity change from 0 to 7
[  983.813169][T14868] Dev loop2: unable to read RDB block 7
[  983.821313][T14868]  loop2: unable to read partition table
[  983.858395][T14868] loop2: partition table beyond EOD, truncated
[  983.865047][T14868] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  984.670333][T14203] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  984.740075][T14203] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  984.801734][T14203] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  984.853439][T14203] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  984.920927][T14984] input: syz1 as /devices/virtual/input/input169
[  985.222642][T15010] program syz.8.5705 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  985.283104][T14203] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.379570][T14203] 8021q: adding VLAN 0 to HW filter on device team0
[  985.425250][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.432512][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  985.481733][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.489027][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  985.573521][T14203] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  986.070949][T15057] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  986.129508][T14203] 8021q: adding VLAN 0 to HW filter on device batadv0
[  986.702967][   T24] hid-generic 009C:0008:0003.000D: unknown main item tag 0x0
[  986.757211][   T24] hid-generic 009C:0008:0003.000D: unknown main item tag 0x0
[  986.798601][   T24] hid-generic 009C:0008:0003.000D: unknown main item tag 0x0
[  986.814793][   T24] hid-generic 009C:0008:0003.000D: unknown main item tag 0x0
[  986.822269][   T24] hid-generic 009C:0008:0003.000D: unexpected long global item
[  986.877351][   T24] hid-generic 009C:0008:0003.000D: probe with driver hid-generic failed with error -22
[  986.980248][T15099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  987.088650][T14203] veth0_vlan: entered promiscuous mode
[  987.117412][T14203] veth1_vlan: entered promiscuous mode
[  987.270570][T14203] veth0_macvtap: entered promiscuous mode
[  987.303140][T14203] veth1_macvtap: entered promiscuous mode
[  987.368209][T15114] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  987.438893][T14203] batman_adv: batadv0: Interface activated: batadv_slave_0
[  987.487984][T14203] batman_adv: batadv0: Interface activated: batadv_slave_1
[  987.528499][T14203] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  987.565543][T14203] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  987.591853][T14203] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  987.621126][T14203] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  988.187611][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  988.199663][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  988.332740][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  988.365841][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  991.443106][T15281] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  992.485282][T15304] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[  994.297536][T15393] QAT: Invalid ioctl 21531
[  995.322370][T15435] binder: 15434:15435 ioctl c00c620f 200000000180 returned -22
[  996.073993][T15463] autofs4:pid:15463:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[  996.159880][T15463] autofs4:pid:15463:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[  996.379851][T15469] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  996.667329][T15485] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  996.919287][T15485] loop6: detected capacity change from 0 to 524287999
[  997.039504][T15504] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  998.175976][T15624] input: syz1 as /devices/virtual/input/input172
[  998.404620][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  998.411057][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  998.440450][   T24] hid-generic 0000:0000:0000.000E: unknown main item tag 0x4
[  998.452234][   T24] hid-generic 0000:0000:0000.000E: unknown main item tag 0x2
[  998.481412][   T24] hid-generic 0000:0000:0000.000E: unknown main item tag 0x3
[  998.502687][   T24] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  998.763372][T15666] fido_id[15666]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  998.889174][T15708] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  999.504761][T15746] binder: 15744:15746 ioctl c018620c 0 returned -14
[ 1001.441613][T15834] dlm: non-version read from control device 104
[ 1001.481159][T15835] input: syz1 as /devices/virtual/input/input175
[ 1001.642163][T15845] binder: 15844:15845 ioctl c00c620f 0 returned -14
[ 1002.470505][T15845] binder: 15844:15845 ioctl c0306201 200000001680 returned -14
[ 1003.348547][   T30] audit: type=1400 audit(1750406047.959:22): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name="/proc/thread-self/attr/current" pid=15916 comm="syz.9.5805"
[ 1003.446970][T15922] binder: 15920:15922 ioctl c0306201 200000000300 returned -22
[ 1003.578639][T15929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1004.509756][T15959] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1004.663775][T15977] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1004.827540][T15982] input: syz1 as /devices/virtual/input/input177
[ 1005.401678][T16018] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[ 1005.422329][T16018] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[ 1008.321302][T15224] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1008.341472][T15224] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1008.351346][T15224] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1008.360331][T15224] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1008.368460][T15224] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[ 1008.408913][T15224] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[ 1008.541963][T16157] fido_id[16157]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1009.838464][T16195] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[ 1010.048815][T16204] Falling back ldisc for ttyS3.
[ 1010.935677][T16253] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1010.991907][T16258] [U] 
[ 1012.923547][T16345] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1014.636640][T16456] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1014.693176][T16461] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1014.741347][T16464] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1017.306357][T16577] binder: 16574:16577 ioctl c018620b 200000000100 returned -14
[ 1017.780664][T16596] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1019.607237][T16645] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1021.371953][T16727] binder: 16726:16727 unknown command 0
[ 1021.385622][T16727] binder: 16726:16727 ioctl c0306201 2000000003c0 returned -22
[ 1021.583983][T16739] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1023.471280][T16819] usb usb8: usbfs: process 16819 (syz.0.5947) did not claim interface 0 before use
[ 1023.484095][T16826] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1023.830502][T16844] dlm: non-version read from control device 2
[ 1023.889293][T16846] program syz.5.5950 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1023.980739][T16846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1025.027950][T16889] kvm: kvm [16888]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x4000000000000001
[ 1026.716473][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1026.730528][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1026.739103][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1026.765337][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1026.773242][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1026.802670][T23010] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1026.812493][T23010] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1026.822668][T23010] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1026.848789][T23010] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1026.853198][T16940] Falling back ldisc for ttynull.
[ 1026.880383][T23010] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1027.611220][ T5915] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.949424][ T5915] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.312790][ T5915] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.617310][ T5915] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1028.953526][T16942] chnl_net:caif_netlink_parms(): no params data found
[ 1028.972830][   T51] Bluetooth: hci0: command tx timeout
[ 1029.255912][ T2972] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1029.598422][T16942] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1029.615656][T16942] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1029.623235][T16942] bridge_slave_0: entered allmulticast mode
[ 1029.654185][T16942] bridge_slave_0: entered promiscuous mode
[ 1029.734607][T16942] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1029.756848][T16942] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1029.777058][T16942] bridge_slave_1: entered allmulticast mode
[ 1029.797173][T16942] bridge_slave_1: entered promiscuous mode
[ 1030.021461][T16942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1030.060882][ T5915] bridge_slave_1: left allmulticast mode
[ 1030.076672][ T5915] bridge_slave_1: left promiscuous mode
[ 1030.083824][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.186841][ T5915] bridge_slave_0: left allmulticast mode
[ 1030.192569][ T5915] bridge_slave_0: left promiscuous mode
[ 1030.208763][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1031.034818][ T5850] Bluetooth: hci0: command tx timeout
[ 1031.275075][T23010] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1031.284838][   T51] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 1031.288147][ T5850] Bluetooth: hci4: command 0xfc11 tx timeout
[ 1032.828013][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1032.926337][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1032.987248][ T5915] bond0 (unregistering): Released all slaves
[ 1033.093167][T16942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1033.116835][   T51] Bluetooth: hci0: command tx timeout
[ 1033.852703][T16942] team0: Port device team_slave_0 added
[ 1033.866705][T17238] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1033.876467][T17238] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1033.903598][T16942] team0: Port device team_slave_1 added
[ 1034.247011][T16942] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1034.254070][T16942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1034.284247][T16942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1034.298784][T16942] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1034.307693][T16942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1034.335182][T16942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1034.707937][T17338] QAT: Device 7 not found
[ 1034.742543][T17338] QAT: Invalid ioctl -1060596699
[ 1034.765388][T17338] QAT: Invalid ioctl -1070591350
[ 1034.951672][ T5915] hsr_slave_0: left promiscuous mode
[ 1035.025919][ T5915] hsr_slave_1: left promiscuous mode
[ 1035.053621][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1035.083501][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1035.158757][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1035.184270][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1035.336471][ T5915] veth1_macvtap: left promiscuous mode
[ 1035.350133][ T5915] veth0_macvtap: left promiscuous mode
[ 1035.370140][ T5915] veth1_vlan: left promiscuous mode
[ 1035.395747][ T5915] veth0_vlan: left promiscuous mode
[ 1035.408086][T17359] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1036.240924][T17385] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1037.346262][   T30] audit: type=1400 audit(1750406081.959:23): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=17402 comm="syz.8.5992"
[ 1038.418427][ T5915] team0 (unregistering): Port device team_slave_1 removed
[ 1038.640371][ T5915] team0 (unregistering): Port device team_slave_0 removed
[ 1040.961334][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1040.970655][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1040.996332][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1041.006879][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1041.025829][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1041.043644][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1041.056308][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1041.067733][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1041.087777][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1041.101293][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1041.779722][T17456] CUSE: zero length info key specified
[ 1042.138198][T16942] hsr_slave_0: entered promiscuous mode
[ 1042.148874][T16942] hsr_slave_1: entered promiscuous mode
[ 1042.175694][T17455] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1042.203618][T17455] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1044.591225][T17730] [U] 
[ 1044.605513][T17730] [U] K{�
[ 1044.608793][T17730] [U] �T �1��Š�F���Fˊ�`G�Jǘ�G���������O��/�MC�
[ 1044.624918][T17730] [U] T�ؖ/,�~�Ĝ��J���}8���'O1��"�7-΂JQ�K��W��Q�5C%"�H12��Y������X�`���ȼ`+��(�¿!(���Z'�TXLN�I�G�J����ݭ�P�~�7�!���"ب���(�5�OBܤ�̓J�
[ 1044.644025][T17730] [U] �K\&�}6�6�X�HX��Ե���.`�A�$�40|϶��9��ި����U��4��ĮVBZ��}�W�M�T���Q��ΦR�4��
[ 1044.674325][T17730] [U] ".H6��"�KÇ[����J�4��I�N��[Z(��C|T�]Z{��3�C=��X�Ԟ˅�4�W�)\T�XJ��SH{Q;̹���T��+���G��߮D�.˂�>Y����WUH�FN����HL]S�2���\G%�O�&Z)�К'�PUL�_<�	�ذ�Ү��`ұT��ޜ���;_�"(�U{7J��2X �/�'��C���I����H�C�ճ�V�=��AI�%W�ES� R��J�Μ���G��R��͡HI
���A��6-�D��V�� I"��Nƨ ��ASC~4���8C�*�OO5/ߜJ�~���W�VK+����3��Y)��M���V��YQƽ�DTR�
OTPEM%F��EJ�A5��T_-X~�^AAۂҘ�Q��
[ 1044.713194][T17730] [U] 	+�W�G?]��'A:	��)�
����' B>T���F/��<'�U�'��H�I�.+]E�.�-ɿ߿�%��>2`�^U�8F.�6��3��+�A�«���G3�P��6:�^0��T��V�'E�T����YC�N��Rϩ�N�PJ�;�Z����ۑ8!��\م�A�ʖ2��$е�­WI.��#��/BAI���`��4J��D�Y@�Z��GW�5˿B��ٜ�N�Y"VI2��
[ 1044.748114][T17730] [U] �T�_K5�T�YJ���9��C�$BR�L�NUL��9W���|�G�"ʃ�%�ڶ�C�؝���Q��
 ��3��Q��N^HP*��$	�.�7Yӱ�2�
[ 1044.766321][T17730] [U] �?���H��*����3͝7�ɍ�^#Q�"0~���(�O�XL�B�,'V��=���C�S���G�S��0�ւ��`���ه��=1(�ξ��P#�2DO*Ƀ
[ 1044.779685][T17730] [U] �S��G������GU��D-{���|&�����ѐ2��L�C_��!`��OZ֥�B��%>�RѶ�WχݎSS�H"�YA4�O.�Y��ď�RTԶ�B�[+/<<R�B����|ФE���۠�V96#���ͤʦJ�U�%
S851���ҩS�P��\��?Q�|L��QX�0�K�1ORɴ2��|��D�F���ِ��2ޔ���0��H�}C[/����PX^��O
[ 1044.882125][T17728] [U] �؛���(J�Л��M��XZ�;�����؝_����*3�3��5�\�XM��U��AK!AQ`�
[ 1044.974349][ T5915] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1045.475364][T17416] chnl_net:caif_netlink_parms(): no params data found
[ 1045.637753][ T5915] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1045.906404][ T5915] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1046.227254][ T5915] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1046.387989][T17416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.395641][T17416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.402928][T17416] bridge_slave_0: entered allmulticast mode
[ 1046.411866][T17416] bridge_slave_0: entered promiscuous mode
[ 1046.436335][T17416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.444230][T17416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.452193][T17416] bridge_slave_1: entered allmulticast mode
[ 1046.460569][T17416] bridge_slave_1: entered promiscuous mode
[ 1046.681521][T17416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1046.694320][T17416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1046.917279][T16942] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1046.976952][T17416] team0: Port device team_slave_0 added
[ 1046.990051][T17416] team0: Port device team_slave_1 added
[ 1047.004650][T16942] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1047.060819][T16942] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1047.388574][T16942] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1047.438511][T17416] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1047.447071][T17416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.473525][T17416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1047.486839][T17416] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1047.493844][T17416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.520311][T17416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1047.637268][ T5915] bridge_slave_1: left allmulticast mode
[ 1047.643068][ T5915] bridge_slave_1: left promiscuous mode
[ 1047.650301][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.745673][ T5915] bridge_slave_0: left allmulticast mode
[ 1047.751370][ T5915] bridge_slave_0: left promiscuous mode
[ 1047.757730][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.785952][ T5915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1049.866147][ T5915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1049.936575][ T5915] bond0 (unregistering): Released all slaves
[ 1050.248741][T17416] hsr_slave_0: entered promiscuous mode
[ 1050.255883][T17416] hsr_slave_1: entered promiscuous mode
[ 1050.262306][T17416] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1050.270313][T17416] Cannot create hsr debugfs directory
[ 1051.245035][ T5915] hsr_slave_0: left promiscuous mode
[ 1051.285898][ T5915] hsr_slave_1: left promiscuous mode
[ 1051.292005][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1051.301734][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1051.357940][ T5915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1051.365549][ T5915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1051.461720][ T5915] veth1_macvtap: left promiscuous mode
[ 1051.467441][ T5915] veth0_macvtap: left promiscuous mode
[ 1051.473179][ T5915] veth1_vlan: left promiscuous mode
[ 1051.478899][ T5915] veth0_vlan: left promiscuous mode
[ 1051.905233][T18036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1053.936629][T18076] [U] 
[ 1054.228487][ T5915] team0 (unregistering): Port device team_slave_1 removed
[ 1054.485693][ T5915] team0 (unregistering): Port device team_slave_0 removed
[ 1058.180240][T18148] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1058.195060][T18148] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1058.219080][T18148] iommufd_mock iommufd_mock2: Adding to iommu group 2
[ 1058.252413][T18157] CUSE: unknown device info "MzP���{U��җ�E�s��Z$cw#�/�f�}ٔ�b,Q�[{��Ʈ$
[ 1058.252413][T18157] �4&I:#5o6�3�ю.l%��wC
[ 1058.252413][T18157] �?"
[ 1058.254042][T18148] iommufd_mock iommufd_mock3: Adding to iommu group 3
[ 1058.290476][T18148] iommufd_mock iommufd_mock4: Adding to iommu group 4
[ 1058.318807][T18157] CUSE: unknown device info "v�2�.7���˂����*5����SEAy���	�`?e`��l6ݡ���Q0V84܎{c"�K��^�vaO֐M ����8�f1�\.dž6��(3�i�����fω11,kb���z���"�NXj�}�	�~
�wu/�K�9�.��r��פ�"
[ 1058.345355][T18157] CUSE: DEVNAME unspecified
[ 1058.364901][T16942] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1059.139715][T16942] 8021q: adding VLAN 0 to HW filter on device team0
[ 1059.182223][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1059.189486][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1059.223149][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1059.230425][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1059.849712][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.856683][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.412131][T17416] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1060.499235][T17416] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1060.569302][T17416] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1060.629818][T17416] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1060.769810][T16942] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1061.073602][T17416] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1061.132128][T17416] 8021q: adding VLAN 0 to HW filter on device team0
[ 1061.433044][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.440374][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1061.470993][T18303] syz.8.6040: attempt to access beyond end of device
[ 1061.470993][T18303] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1061.492187][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.499435][ T5915] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1061.920353][T16942] veth0_vlan: entered promiscuous mode
[ 1061.958465][T16942] veth1_vlan: entered promiscuous mode
[ 1062.092576][T16942] veth0_macvtap: entered promiscuous mode
[ 1062.112207][T16942] veth1_macvtap: entered promiscuous mode
[ 1062.182567][T16942] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1062.229743][T16942] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1062.286654][T16942] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.305735][T16942] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.337285][T16942] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.348080][T16942] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.371978][T18334] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1062.651112][T17416] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1062.735843][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1062.735877][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1062.839378][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1062.854271][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1062.862836][T17416] veth0_vlan: entered promiscuous mode
[ 1062.930977][T17416] veth1_vlan: entered promiscuous mode
[ 1063.040652][T17416] veth0_macvtap: entered promiscuous mode
[ 1063.067946][T17416] veth1_macvtap: entered promiscuous mode
[ 1063.164214][T17416] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1063.224259][T17416] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1063.271141][T17416] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.300978][T17416] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.325112][T17416] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.333891][T17416] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.743319][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1063.776367][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1063.856092][T18413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1063.916661][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1063.992462][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1066.984615][T18566] can0: slcan on ptm0.
[ 1067.455923][   T62] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1068.319156][T18631] input: syz0 as /devices/virtual/input/input185
[ 1068.434678][T18560] can0 (unregistered): slcan off ptm0.
[ 1068.668454][T18646] binder: BINDER_SET_CONTEXT_MGR already set
[ 1068.676328][T18646] binder: 18645:18646 ioctl 4018620d 200000000080 returned -16
[ 1069.458768][T18695] binder: 18690:18695 ioctl c00c620f 0 returned -14
[ 1069.514703][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1069.521752][ T5850] Bluetooth: hci4: command 0x1003 tx timeout
[ 1071.503098][T18774] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1072.850249][T18833] input: syz1 as /devices/virtual/input/input186
[ 1073.017827][T18842] tap0: tun_chr_ioctl cmd 1074025672
[ 1073.023462][T18842] tap0: ignored: set checksum enabled
[ 1074.969387][T18900] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1077.124782][T18986] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1077.155778][T18986] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1077.465432][T18999] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1078.562741][T19046] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1078.597984][T19047] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1079.405574][T19094] sp0: Synchronizing with TNC
[ 1079.602013][T19104] loop6: detected capacity change from 0 to 63
[ 1079.632117][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.719672][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.740353][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.770334][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.779485][T19094] [U] �
[ 1079.847839][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.884859][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.909917][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.934927][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1079.985932][T19104] ldm_validate_partition_table(): Disk read failed.
[ 1080.058178][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1080.094776][T19104] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1080.165033][T19104] Dev loop6: unable to read RDB block 0
[ 1080.171200][T19104]  loop6: unable to read partition table
[ 1080.235814][T19104] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[ 1081.973318][ T5206] ldm_validate_partition_table(): Disk read failed.
[ 1081.994902][ T5206] Dev loop6: unable to read RDB block 0
[ 1082.010605][ T5206]  loop6: unable to read partition table
[ 1082.040833][ T5206] ldm_validate_partition_table(): Disk read failed.
[ 1082.049778][ T5206] Dev loop6: unable to read RDB block 0
[ 1082.068854][ T5206]  loop6: unable to read partition table
[ 1083.117766][   T30] audit: type=1800 audit(1750406127.729:24): pid=19227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6143" name="[kvm-gmem]" dev="anon_inodefs" ino=200433 res=0 errno=0
[ 1084.975593][T19313] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1087.360455][T19419] random: crng reseeded on system resumption
[ 1087.486969][T19419] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1087.848516][T19435] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem
[ 1088.790549][T19488] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 1089.848016][T19519] mkiss: ax0: crc mode is auto.
[ 1090.150065][T19540] CUSE: info not properly terminated
[ 1090.443166][T19548] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1090.628561][T19560] syz.5.6188 (19560): drop_caches: 0
[ 1091.164233][T19571] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1092.264477][   T30] audit: type=1400 audit(1750406136.859:25): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=19621 comm="syz.0.6198"
[ 1092.705809][T19647] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1092.913695][T19658] program syz.5.6203 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1093.808032][T19709] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1093.849013][T19709] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1094.025274][T19720] input: syz1 as /devices/virtual/input/input189
[ 1094.556374][T19747] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1095.051726][T19771] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1097.476561][T19886] vivid-002: =================  START STATUS  =================
[ 1097.484382][T19886] vivid-002: ==================  END STATUS  ==================
[ 1097.695769][T19894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1097.909020][T19902] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1098.226363][T19919] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1098.928973][T19959] input: syz0 as /devices/virtual/input/input190
[ 1098.983921][T19956] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1100.299204][T20041] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1101.855734][T20099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1102.108948][   T36] Bluetooth: Error in BCSP hdr checksum
[ 1102.364897][ T1098] Bluetooth: Error in BCSP hdr checksum
[ 1102.459029][T20117] input input191: cannot allocate more than FF_MAX_EFFECTS effects
[ 1102.942864][T20129] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1103.342546][T20148] vivid-000: disconnect
[ 1103.349349][T20146] program syz.8.6278 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1103.388274][T20146] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1103.395630][T20148] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1103.543604][   T36] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1103.566923][T20147] vivid-000: reconnect
[ 1103.605877][T20156] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1103.634572][ T5915] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1103.914705][T23010] Bluetooth: hci4: command 0x1003 tx timeout
[ 1103.916792][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1105.182721][T20212] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1105.200030][T20212] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1105.595714][ T5850] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 1105.598082][   T51] Bluetooth: hci5: command 0xfc11 tx timeout
[ 1107.132725][T20293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1108.462465][T20341] random: crng reseeded on system resumption
[ 1108.743862][T20344] input: syz1 as /devices/virtual/input/input193
[ 1109.237264][T20364] vivid-000: disconnect
[ 1109.644408][T20358] vivid-000: reconnect
[ 1111.037871][T20410] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1112.613820][T20491] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1112.751900][T20498] binder: 20495:20498 ioctl c0306201 0 returned -14
[ 1113.025902][T20512] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1113.914876][T20541] sp0: Synchronizing with TNC
[ 1115.523124][T20624] [U] 
[ 1119.641752][T20810] input: syz1 as /devices/virtual/input/input196
[ 1120.073998][T20847] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1120.126707][T20845] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1120.737319][T20894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1121.285414][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.291816][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 1124.138258][T21025] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1125.583945][T21083] input: syz0 as /devices/virtual/input/input198
[ 1128.321417][T21192] kvm: user requested TSC rate below hardware speed
[ 1131.691745][T21312] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1132.406307][T21348] binder: BC_ATTEMPT_ACQUIRE not supported
[ 1132.412199][T21348] binder: 21347:21348 ioctl c0306201 200000000100 returned -22
[ 1132.781392][T21363] syz.8.6454 (21363) used obsolete PPPIOCDETACH ioctl
[ 1134.199023][   T30] audit: type=1800 audit(1750406178.809:26): pid=21410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6465" name="dmabuf" dev="dmabuf" ino=44 res=0 errno=0
[ 1136.034421][T21471] dlm: no local IP address has been set
[ 1136.045798][T21471] dlm: cannot start dlm midcomms -107
[ 1137.025533][T21506] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1143.240589][  T590] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[ 1143.310916][T21887] QAT: Invalid ioctl -1070033861
[ 1144.491152][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1144.510457][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1144.522972][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1144.538972][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1144.546928][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1144.577582][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1144.587629][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1144.601388][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1144.612326][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1144.623740][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1145.186377][T21955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1145.213608][T21956] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1145.493021][T21977] usb usb9: usbfs: process 21977 (syz.0.6538) did not claim interface 0 before use
[ 1145.520836][T21977] QAT: failed to copy from user cfg_data.
[ 1145.592588][ T4932] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1146.153768][T22005] [U] 
[ 1146.162691][ T4932] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1146.188382][T22005] [U] K{�
[ 1146.191689][T22005] [U] �T �1��Š�F���Fˊ�`G�Jǘ�G���������O��/�MC�
[ 1146.204388][T22005] [U] T�ؖ/,�~�Ĝ��J���}8���'O1��"�7-΂JQ�K��W��Q�5C%"�H12��Y������X�`���ȼ`+��(�¿!(���Z'�TXLN�I�G�J����ݭ�P�~�7�!���"ب���(�5�OBܤ�̓J�
[ 1146.225331][T22005] [U] �K\&�}6�6�X�HX��Ե���.`�A�$�40|϶��9��ި����U��4��ĮVBZ��}�W�M�T���Q��ΦR�4��
[ 1146.237995][T22005] [U] ".H6��"�KÇ[����J�4��I�N��[Z(��C|T�]Z{��3�C=��X�Ԟ˅�4�W�)\T�XJ��SH{Q;̹���T��+���G��߮D�.˂�>Y����WUH�FN����HL]S�2���\G%�O�&Z)�К'�PUL�_<�	�ذ�Ү��`ұT��ޜ���;_�"(�U{7J��2X �/�'��C���I����H�C�ճ�V�=��AI�%W�ES� R��J�Μ���G��R��͡HI
���A��6-�D��V�� I"��Nƨ ��ASC~4���8C�*�OO5/ߜJ�~���W�VK+����3��Y)��M���V��YQƽ�DTR�
OTPEM%F��EJ�A5��T_-X~�^AAۂҘ�Q��
[ 1146.276184][T22005] [U] 	+�W�G?]��'A:	��)�
����' B>T���F/��<'�U�'��H�I�.+]E�.�-ɿ߿�%��>2`�^U�8F.�6��3��+�A�«���G3�P��6:�^0��T��V�'E�T����YC�N��Rϩ�N�PJ�;�Z����ۑ8!��\م�A�ʖ2��$е�­WI.��#��/BAI���`��4J��D�Y@�Z��GW�5˿B��ٜ�N�Y"VI2��
[ 1146.301541][T22005] [U] �T�_K5�T�YJ���9��C�$BR�L�NUL��9W���|�G�"ʃ�%�ڶ�C�؝���Q��
 ��3��Q��N^HP*��$	�.�7Yӱ�2�
[ 1146.313366][T22005] [U] �?���H��*����3͝7�ɍ�^#Q�"0~���(�O�XL�B�,'V��=���C�S���G�S��0�ւ��`���ه��=1(�ξ��P#�2DO*Ƀ
[ 1146.327139][T22005] [U] �S��G������GU��D-{���|&�����ѐ2��L�C_��!`��OZ֥�B��%>�RѶ�WχݎSS�H"�YA4�O.�Y��ď�RTԶ�B�[+/<<R�B����|ФE���۠�V96#���ͤʦJ�U�%
S851���ҩS�P��\��?Q�|L��QX�0�K�1ORɴ2��|��D�F���ِ��2ޔ���0��H�}C[/����PX^��O
[ 1146.351850][T22005] [U] �؛���(J�Л��M��XZ�;�����؝_����*3�3��5�\�XM��U��AK!AQ`��;FЕ�I+��VUH���M�J��Ʒ��Z�C��Z���)_ǟ�	ԑ�&�֡��A�XTO���_� ڼ�:���%��P���Cֲ�Y�+_�ܛ��}U�M��ƫC�!KJ�7пG��=B�
[ 1146.373039][T22005] [U] ٽ�F�%�XA��L�2R*G��VW��$��J	�A��F����+ؾ9̈́VI�֗�Kپ�1}_��
��%�R6��(]��/��ؐřYܺ��Hä���R G��RN/ܫ�#!�D����%���D��-{�$�VU��T���$:MTR�E�C1V�D~��];[�����SQ����(��E,X�8�"�
��G�D�ڵ2@T8���҃����T8.RC+�@�ʦ�P�U�
P����C���'ńYL�-SS1E?�7�O���^]����C�½H]�JKR]RKQ܆��ݣ޴OTC��X���4�N�	��&����ڋ��@�:M7�~�+�W*���XM��>>��{Q���
_�՝LX8�U����{�Z��ؐ)��7?�RR;�C�R�Hײڣ����1�>)�Mă‰�T���(��Aϝ�}9�ڥ�J*Mќ�ġ�'L��Q	�DW��ظ=��|Q�	�Æ�W;5��Ž�!�DB�X`ɧ�/��E�`ƦM��X��"�\
[ 1146.437964][T22005] [U] {;�ե�٘_�O2��)�O��.2�W2ʲ��Y���X_  HPϱ�S�D����:]�{�����Ƚ
[ 1146.450745][T22005] [U] I,�>�Ӥ	��5�1��^1�N4�OǶ�'0�?֒I�9W.�_.�W�A���V��`)�Z���C6GIӹ�A��XL[����F�*��O�W)+��'\N�
[K@����2�Ǭ���P"^`���	ؿ
[ 1146.471979][T22005] [U] 22��Ʃ�۩X?0;3U�
[ 1146.483690][T22005] [U] ޜ�
ƍ�SOBX�8�W�4��(�~/���K�U��ԖOQ�E+�G�-Y�GY_
�>V�����3.H�ә]̈́�2��)�D�,	��	�D~�D���+�W;A\�F
P��Ș|$��)�
KؐI���ɿK�YT^R���Ǚ���A=�#�ܜ	�Ϳ�AE��T�1��ݯ4K�.E"R�S|П�S���:��>P��R�"Z�ڭ���#P!�KY"�}��F�N84ܳ��Hޱ�O��S��̫%DLW�MƲ�
[ 1146.608664][T22005] [U] [�['XN�'�����,MR��/����1D=!D�X91B�
WǻR�LF���K̤Z��#�`̑L؛�˜��B~�M���
[ 1146.618464][T22005] [U] �L�>�сD+�D�����"5�ʍ�H3<���IR=F^�F�N��������V���D�OIO�:U�>�Y�
[ 1146.627451][T22005] [U] 'B�6V�20�ķǞ��׌�"T8�{9�FW��]���̩�
[ 1146.634886][T22005] [U] �72މ���U�C6����τI]8C��TۨQSK�Y��I��¹ �|V'�TV/��G�$[� 9KH`�"ܑ��}��[^=��0�]��%�̂T�����F�_V�4C���
[ 1146.647667][T22005] [U] �EC�
[ 1146.651270][T22005] [U] ���|���<��:^�3$7NK~�-�@��?��/MTL��۾�I�WȬ@G~T�{��P�+�$�JP|���I�RIӍPM� ��Y� ڔ8�T���V�����,�L�,�
[ 1146.734399][ T5850] Bluetooth: hci3: command tx timeout
[ 1146.974965][T22086] binder: 22080:22086 ioctl c018620c 200000000640 returned -22
[ 1147.019737][ T4932] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1147.102633][T22001] [U] �K�����)0���~ܳʪ�IP'�F�ҜZ��R���@B�]�5��{��ʼ�'�8�ƥF��UTQUD
ǩ�K;7ͪ0C[��Y���YC���ذM��L�8�T�͚�5���RX����W� X���OQHVI'8����L�
[ 1147.387836][ T4932] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1147.503336][T21913] chnl_net:caif_netlink_parms(): no params data found
[ 1148.003924][T21913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1148.020135][T21913] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1148.035390][T21913] bridge_slave_0: entered allmulticast mode
[ 1148.053613][T21913] bridge_slave_0: entered promiscuous mode
[ 1148.072373][T21913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1148.089966][T21913] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1148.109336][T21913] bridge_slave_1: entered allmulticast mode
[ 1148.123753][T21913] bridge_slave_1: entered promiscuous mode
[ 1148.404147][T21913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1148.427856][T21913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1148.706355][ T4932] bridge_slave_1: left allmulticast mode
[ 1148.729866][ T4932] bridge_slave_1: left promiscuous mode
[ 1148.745036][ T4932] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1148.769814][   T30] audit: type=1400 audit(1750406193.379:27): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=22273 comm="syz.0.6555"
[ 1148.794912][ T5850] Bluetooth: hci3: command tx timeout
[ 1148.845604][ T4932] bridge_slave_0: left allmulticast mode
[ 1148.851315][ T4932] bridge_slave_0: left promiscuous mode
[ 1148.858327][ T4932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1148.874825][T22003] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1148.880981][T22003] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1150.897156][ T4932] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1150.965588][ T4932] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1150.991120][ T4932] bond0 (unregistering): Released all slaves
[ 1151.046533][T21913] team0: Port device team_slave_0 added
[ 1151.180101][T21913] team0: Port device team_slave_1 added
[ 1151.603648][T21913] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1151.613597][T21913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1151.643195][T21913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1151.663477][T21913] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1151.670721][T21913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1151.705698][T21913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1151.937676][T21913] hsr_slave_0: entered promiscuous mode
[ 1151.944410][T21913] hsr_slave_1: entered promiscuous mode
[ 1151.952883][T21913] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1151.970475][T21913] Cannot create hsr debugfs directory
[ 1153.503192][T21913] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1153.549810][T21913] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1153.595501][T21913] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1153.639012][T21913] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1153.853492][T21913] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1153.891536][T21913] 8021q: adding VLAN 0 to HW filter on device team0
[ 1153.912504][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1153.919770][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1153.949002][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1153.956298][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1154.306547][T21913] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1154.659880][T21913] veth0_vlan: entered promiscuous mode
[ 1154.672496][T21913] veth1_vlan: entered promiscuous mode
[ 1154.703959][T21913] veth0_macvtap: entered promiscuous mode
[ 1154.715948][T21913] veth1_macvtap: entered promiscuous mode
[ 1154.737212][T21913] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1154.752124][T21913] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1154.765052][T21913] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.773807][T21913] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.782697][T21913] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.791468][T21913] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1182.723371][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.729900][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 1244.162021][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.168485][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 1292.154759][   T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds.
[ 1292.162531][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1292.170442][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1292.179346][   T31] task:kworker/1:0     state:D stack:24296 pid:24    tgid:24    ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1292.191479][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1292.198368][   T31] Call Trace:
[ 1292.201703][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1292.204703][   T31]  __schedule+0x16f5/0x4d00
[ 1292.209287][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1292.214830][   T31]  ? schedule+0x165/0x360
[ 1292.219227][   T31]  ? __pfx___schedule+0x10/0x10
[ 1292.224157][   T31]  ? schedule+0x91/0x360
[ 1292.228516][   T31]  schedule+0x165/0x360
[ 1292.232735][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1292.238451][   T31]  __mutex_lock+0x724/0xe80
[ 1292.243209][   T31]  ? look_up_lock_class+0x74/0x170
[ 1292.248456][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1292.253199][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1292.259634][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1292.264811][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1292.270593][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1292.285418][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1292.291580][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1292.314600][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1292.320547][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1292.334510][   T31]  worker_thread+0x8a0/0xda0
[ 1292.339238][   T31]  kthread+0x70e/0x8a0
[ 1292.343362][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1292.350304][   T31]  ? __pfx_kthread+0x10/0x10
[ 1292.355193][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1292.364737][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1292.370030][   T31]  ? __pfx_kthread+0x10/0x10
[ 1292.384530][   T31]  ret_from_fork+0x3f9/0x770
[ 1292.389225][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1292.399827][   T31]  ? __switch_to_asm+0x39/0x70
[ 1292.408208][   T31]  ? __switch_to_asm+0x33/0x70
[ 1292.413052][   T31]  ? __pfx_kthread+0x10/0x10
[ 1292.419253][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1292.424118][   T31]  </TASK>
[ 1292.439353][   T31] INFO: task syz.5.6541:22001 blocked for more than 143 seconds.
[ 1292.449431][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1292.457546][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1292.468771][   T31] task:syz.5.6541      state:D stack:23528 pid:22001 tgid:22001 ppid:16942  task_flags:0x400040 flags:0x00004004
[ 1292.481072][   T31] Call Trace:
[ 1292.484394][   T31]  <TASK>
[ 1292.487646][   T31]  __schedule+0x16f5/0x4d00
[ 1292.492212][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1292.497468][   T31]  ? schedule+0x165/0x360
[ 1292.501848][   T31]  ? __pfx___schedule+0x10/0x10
[ 1292.506806][   T31]  ? schedule+0x91/0x360
[ 1292.511093][   T31]  schedule+0x165/0x360
[ 1292.517540][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1292.523079][   T31]  __mutex_lock+0x724/0xe80
[ 1292.527698][   T31]  ? kobject_put+0x43f/0x480
[ 1292.532336][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1292.537152][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1292.542214][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1292.547440][   T31]  ? __pfx_device_del+0x10/0x10
[ 1292.552337][   T31]  rfkill_unregister+0xc8/0x220
[ 1292.557389][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1292.562642][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1292.568463][   T31]  virtual_ncidev_close+0x56/0x90
[ 1292.573542][   T31]  __fput+0x44c/0xa70
[ 1292.577707][   T31]  task_work_run+0x1d1/0x260
[ 1292.582383][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1292.587574][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1292.593072][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1292.598531][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1292.603163][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1292.608493][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1292.614710][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1292.619435][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1292.625483][   T31] RIP: 0033:0x7fabcfb8e929
[ 1292.629942][   T31] RSP: 002b:00007ffe6184fff8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1292.638515][   T31] RAX: 0000000000000000 RBX: 00007fabcfdb7ba0 RCX: 00007fabcfb8e929
[ 1292.647515][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1292.657806][   T31] RBP: 00007fabcfdb7ba0 R08: 00000000000001c8 R09: 0000001a618502ef
[ 1292.666037][   T31] R10: 00007fabcfdb7ac0 R11: 0000000000000246 R12: 00000000001180a5
[ 1292.674214][   T31] R13: 00007ffe618500f0 R14: ffffffffffffffff R15: 00007ffe61850110
[ 1292.682425][   T31]  </TASK>
[ 1292.685733][   T31] 
[ 1292.685733][   T31] Showing all locks held in the system:
[ 1292.693488][   T31] 3 locks held by kworker/1:0/24:
[ 1292.699231][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1292.710573][   T31]  #1: ffffc900001e7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1292.724263][   T31]  #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1292.735782][   T31] 1 lock held by khungtaskd/31:
[ 1292.740704][   T31]  #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1292.750812][   T31] 1 lock held by klogd/5195:
[ 1292.755588][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1292.767102][   T31] 2 locks held by getty/5596:
[ 1292.771847][   T31]  #0: ffff888030e7f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1292.781781][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1292.792046][   T31] 4 locks held by kworker/u8:10/4932:
[ 1292.797633][   T31]  #0: ffff88801b6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1292.808689][   T31]  #1: ffffc9000422fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1292.819320][   T31]  #2: ffffffff8f7159d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1292.828762][   T31]  #3: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1292.839071][   T31] 1 lock held by syz-executor/21913:
[ 1292.844388][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.853179][   T31] 2 locks held by syz.5.6541/22001:
[ 1292.858515][   T31]  #0: ffff88803347f100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1292.868483][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1292.879137][   T31] 2 locks held by syz.5.6541/22003:
[ 1292.884379][   T31]  #0: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[ 1292.894688][   T31]  #1: ffff88803347f100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1292.904381][   T31] 2 locks held by syz.0.6570/22388:
[ 1292.909662][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.918279][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1292.928392][   T31] 1 lock held by syz.1.6572/22419:
[ 1292.933524][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.942122][   T31] 1 lock held by syz-executor/22621:
[ 1292.947576][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.956200][   T31] 1 lock held by syz-executor/22624:
[ 1292.961507][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.970052][   T31] 1 lock held by syz-executor/22625:
[ 1292.975433][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.983969][   T31] 1 lock held by syz-executor/22649:
[ 1292.989726][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1292.998315][   T31] 1 lock held by syz-executor/22656:
[ 1293.003621][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.012211][   T31] 1 lock held by syz-executor/22660:
[ 1293.017657][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.026209][   T31] 1 lock held by syz-executor/22661:
[ 1293.031517][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.040221][   T31] 1 lock held by syz-executor/22684:
[ 1293.045580][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.054120][   T31] 1 lock held by syz-executor/22690:
[ 1293.059538][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.068101][   T31] 1 lock held by syz-executor/22696:
[ 1293.073391][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.081970][   T31] 1 lock held by syz-executor/22697:
[ 1293.087359][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1293.096350][   T31] 
[ 1293.098717][   T31] =============================================
[ 1293.098717][   T31] 
[ 1293.108189][   T31] NMI backtrace for cpu 0
[ 1293.108209][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1293.108233][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.108246][   T31] Call Trace:
[ 1293.108254][   T31]  <TASK>
[ 1293.108262][   T31]  dump_stack_lvl+0x189/0x250
[ 1293.108289][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1293.108322][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1293.108346][   T31]  ? __pfx__printk+0x10/0x10
[ 1293.108383][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1293.108413][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1293.108438][   T31]  ? _printk+0xcf/0x120
[ 1293.108465][   T31]  ? __pfx__printk+0x10/0x10
[ 1293.108491][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1293.108526][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1293.108557][   T31]  watchdog+0xfee/0x1030
[ 1293.108579][   T31]  ? watchdog+0x1de/0x1030
[ 1293.108606][   T31]  kthread+0x70e/0x8a0
[ 1293.108638][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1293.108656][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.108684][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1293.108712][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.108742][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.108771][   T31]  ret_from_fork+0x3f9/0x770
[ 1293.108795][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1293.108822][   T31]  ? __switch_to_asm+0x39/0x70
[ 1293.108853][   T31]  ? __switch_to_asm+0x33/0x70
[ 1293.108878][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.108908][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1293.108948][   T31]  </TASK>
[ 1293.108956][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1293.267452][    C1] NMI backtrace for cpu 1
[ 1293.267469][    C1] CPU: 1 UID: 0 PID: 62 Comm: kworker/u8:5 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1293.267489][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.267502][    C1] Workqueue: bat_events batadv_nc_worker
[ 1293.267532][    C1] RIP: 0010:__lock_acquire+0x5b1/0xd20
[ 1293.267551][    C1] Code: 89 d0 e9 4a ff ff ff 48 c7 c7 b0 fe 20 8e 48 89 de e8 23 19 5f 03 48 8b 3c 24 e9 56 ff ff ff 83 bf d4 0a 00 00 00 41 0f 94 c4 <45> 00 e4 41 80 c4 03 44 3b bf e8 0a 00 00 0f 8c fc fe ff ff 44 89
[ 1293.267566][    C1] RSP: 0018:ffffc9000213f8f0 EFLAGS: 00000046
[ 1293.267648][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffffff
[ 1293.267659][    C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88801c7e3c00
[ 1293.267670][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b3aeda2
[ 1293.267681][    C1] R10: dffffc0000000000 R11: ffffffff8b3aecd0 R12: ffffffffffffff01
[ 1293.267693][    C1] R13: 0000000000000001 R14: ffff88801c7e4740 R15: 0000000000000000
[ 1293.267704][    C1] FS:  0000000000000000(0000) GS:ffff888125b1c000(0000) knlGS:0000000000000000
[ 1293.267718][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1293.267730][    C1] CR2: 000055d751cd9000 CR3: 000000000e138000 CR4: 00000000003526f0
[ 1293.267745][    C1] DR0: 0000000000000008 DR1: 00000000000000ff DR2: fffffffffffffffb
[ 1293.267756][    C1] DR3: 3e00000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1293.267768][    C1] Call Trace:
[ 1293.267774][    C1]  <TASK>
[ 1293.267785][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1293.267808][    C1]  lock_acquire+0x120/0x360
[ 1293.267823][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1293.267850][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1293.267873][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1293.267896][    C1]  batadv_nc_worker+0xef/0x610
[ 1293.267919][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1293.267943][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1293.267963][    C1]  process_scheduled_works+0xae1/0x17b0
[ 1293.267994][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1293.268020][    C1]  worker_thread+0x8a0/0xda0
[ 1293.268040][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1293.268070][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1293.268094][    C1]  kthread+0x70e/0x8a0
[ 1293.268118][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1293.268137][    C1]  ? __pfx_kthread+0x10/0x10
[ 1293.268160][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1293.268183][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.268208][    C1]  ? __pfx_kthread+0x10/0x10
[ 1293.268231][    C1]  ret_from_fork+0x3f9/0x770
[ 1293.268250][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1293.268269][    C1]  ? __switch_to_asm+0x39/0x70
[ 1293.268290][    C1]  ? __switch_to_asm+0x33/0x70
[ 1293.268311][    C1]  ? __pfx_kthread+0x10/0x10
[ 1293.268333][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1293.268362][    C1]  </TASK>
[ 1293.268594][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1293.551604][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1293.563423][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.573496][   T31] Call Trace:
[ 1293.576811][   T31]  <TASK>
[ 1293.579764][   T31]  dump_stack_lvl+0x99/0x250
[ 1293.584384][   T31]  ? __asan_memcpy+0x40/0x70
[ 1293.589021][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1293.594249][   T31]  ? __pfx__printk+0x10/0x10
[ 1293.598892][   T31]  panic+0x2db/0x790
[ 1293.602819][   T31]  ? __pfx_panic+0x10/0x10
[ 1293.607281][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1293.613195][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1293.618599][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1293.624786][   T31]  watchdog+0x102d/0x1030
[ 1293.629133][   T31]  ? watchdog+0x1de/0x1030
[ 1293.633569][   T31]  kthread+0x70e/0x8a0
[ 1293.637672][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1293.642360][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.646973][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1293.652197][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1293.657420][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.662034][   T31]  ret_from_fork+0x3f9/0x770
[ 1293.666645][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1293.671779][   T31]  ? __switch_to_asm+0x39/0x70
[ 1293.676560][   T31]  ? __switch_to_asm+0x33/0x70
[ 1293.681351][   T31]  ? __pfx_kthread+0x10/0x10
[ 1293.685963][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1293.690764][   T31]  </TASK>
[ 1293.693953][   T31] Kernel Offset: disabled
[ 1293.698290][   T31] Rebooting in 86400 seconds..